CVE-2017-12934

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12934

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12934.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12934

Related

Published

2017-08-18T03:29:00Z

Modified

2024-08-01T08:03:04.640413Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0221e9f827632942225586687a33cfd554860d5e

Last affected

038c63cdea0472176ec2fdb162cfbd96e8c5f83e

Last affected

140e2adb5ab8a5ed0624366c0416f07b8aa17254

Last affected

1f68c9d76498819fc504bda226dd034491f73ed3

Last affected

249a8fd9ae2324c84ede7ecfca6f6026e6d87df6

Last affected

37eb1e4d92db3cf3f92910f27216550c0b0a9982

Last affected

4054ec69da7631046f19d54ab06f09728a208b8b

Last affected

42b8d368f83c6484f8ae8c80a9bb56cf4f46d3e2

Last affected

4e1b8701573698f56e12672e4991d7e6239138d2

Last affected

5b34dc2d52841bfab425cbb24e9111172de20ef9

Last affected

5d08c710749096291e294afd641e4429760c6c6e

Last affected

60fffd296abce5fc071f3c173c25a2696cf683c6

Last affected

721bcb2b7e7d283f89c300caed54a532e7fc5ddf

Last affected

734a5fca2c4731e34eca551f28be9a10ffc3f3c9

Last affected

89a97812aaa7abee8855f8a67c0411d9a0380766

Last affected

94933677a34de91b54ecd3cbe44770b7c204dc8a

Last affected

9abbc3cc6d0f448435ca38bef694f671bf7303d8

Last affected

9d582eba7448f1495fae62b13d95d2844ce6b28a

Last affected

9f1492bb895ce297c660bde3fabb5e27a20a7cbd

Last affected

a36407215f69ba2debf77933dcb3faa0c3ba2d04

Last affected

cc766d7730bdec064e32f8009154fa672b34ef9b

Last affected

da12ca9c1ed03084e6803f5e81e46f2e0a80460a

Last affected

e000b401acacd5c0e8d90ec36c2ef1c585d149a2

Last affected

e09845d32614a19188632f410316478fbb440ebd

Last affected

e17e2b26b33f0294cffe0e98c6b3a74ba4d48cb4

Last affected

e2874f7bf990ed58ba6f7abccefa2c00a0447fc7

Last affected

fa587915da22f88ea28b53e6b161cf7c607c28df

Last affected

fb59213fc461f079bc218abf44cb5e2b4db2182c

Affected versions

Other

NEWS

NEWS-cvs2svn

POST_64BIT_BRANCH_MERGE

POST_AST_MERGE

POST_NATIVE_TLS_MERGE

POST_PHP7_EREG_MYSQL_REMOVALS

POST_PHP7_NSAPI_REMOVAL

POST_PHP7_REMOVALS

POST_PHPNG_MERGE

PRE_64BIT_BRANCH_MERGE

PRE_AST_MERGE

PRE_NATIVE_TLS_MERGE

PRE_PHP7_EREG_MYSQL_REMOVALS

PRE_PHP7_NSAPI_REMOVAL

PRE_PHP7_REMOVALS

PRE_PHPNG_MERGE

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1

php-7.*

php-7.0.0

php-7.0.0RC1

php-7.0.0RC2

php-7.0.0RC3

php-7.0.0RC4

php-7.0.0RC5

php-7.0.0RC6

php-7.0.0RC7

php-7.0.0RC8

php-7.0.0alpha1

php-7.0.0alpha2

php-7.0.0beta1

php-7.0.0beta2

php-7.0.0beta3

php-7.0.1

php-7.0.10

php-7.0.10RC1

php-7.0.11

php-7.0.11RC1

php-7.0.12

php-7.0.12RC1

php-7.0.13

php-7.0.13RC1

php-7.0.14

php-7.0.14RC1

php-7.0.15

php-7.0.15RC1

php-7.0.16

php-7.0.16RC1

php-7.0.17

php-7.0.17RC1

php-7.0.18

php-7.0.18RC1

php-7.0.19

php-7.0.19RC1

php-7.0.1RC1

php-7.0.2

php-7.0.20

php-7.0.20RC1

php-7.0.2RC1

php-7.0.3

php-7.0.3RC1

php-7.0.4

php-7.0.4RC1

php-7.0.5

php-7.0.5RC1

php-7.0.6

php-7.0.6RC1

php-7.0.7

php-7.0.7RC1

php-7.0.8

php-7.0.8RC1

php-7.0.9

php-7.0.9RC1

php-7.1.0alpha2

php-7.1.1

php-7.1.1RC1

php-7.1.3

php-7.1.3RC1

php-7.1.5

php-7.1.5RC1

php-7.1.6

php-7.1.6RC1