CVE-2016-7479

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-7479
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7479.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7479
Downstream
Related
Published
2017-01-12T00:59:00.140Z
Modified
2026-03-10T14:13:18.976187Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e09845d32614a19188632f410316478fbb440ebd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
da12ca9c1ed03084e6803f5e81e46f2e0a80460a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e2874f7bf990ed58ba6f7abccefa2c00a0447fc7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
140e2adb5ab8a5ed0624366c0416f07b8aa17254
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
94933677a34de91b54ecd3cbe44770b7c204dc8a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0221e9f827632942225586687a33cfd554860d5e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.1.0"
        }
    ]
}

Affected versions

Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.10
php-7.0.10RC1
php-7.0.11
php-7.0.11RC1
php-7.0.12
php-7.0.12RC1
php-7.0.13RC1
php-7.0.14
php-7.0.14RC1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7479.json"