CVE-2018-15503

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-15503
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15503.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15503
Published
2018-08-18T02:29:01Z
Modified
2025-10-21T04:28:40.862091Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.

References

Affected packages

Git / github.com/swoole/swoole-src

Affected ranges

Type
GIT
Repo
https://github.com/swoole/swoole-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.8.10-stable
1.8.11-alpha
1.8.11-beta
1.8.11-rc1
1.8.11-stable
1.8.12-alpha
1.8.12-beta
1.8.12-rc1
1.8.12-stable
1.8.13-alpha
1.8.13-beta
1.8.6-rc4
1.8.6-stable
1.8.7-rc1
1.8.7-stable
1.8.8-alpha
1.8.8-beta
1.8.8-rc1
1.8.8-stable
1.8.9-alpha
1.8.9-beta
1.8.9-rc1
1.8.9-stable

2.*

2.0.1-alpha
2.0.1-beta

swoole-1.*

swoole-1.5.0
swoole-1.5.1
swoole-1.5.2
swoole-1.5.3
swoole-1.5.4
swoole-1.5.5
swoole-1.5.6
swoole-1.5.7
swoole-1.5.8
swoole-1.5.9
swoole-1.5.9b
swoole-1.6.0
swoole-1.6.1
swoole-1.6.10
swoole-1.6.11-alpha
swoole-1.6.11-beta
swoole-1.6.11-stable
swoole-1.6.12-alpha
swoole-1.6.12-beta
swoole-1.6.12-stable
swoole-1.6.2
swoole-1.6.3
swoole-1.6.4
swoole-1.6.5
swoole-1.6.6
swoole-1.6.7
swoole-1.6.7-for-MacOS
swoole-1.6.8
swoole-1.6.9
swoole-1.7.0-alpha
swoole-1.7.0-stable
swoole-1.7.1-alpha
swoole-1.7.1-beta
swoole-1.7.1-stable
swoole-1.7.10-alpha
swoole-1.7.10-beta
swoole-1.7.10-for-ARM
swoole-1.7.10-rc1
swoole-1.7.10-rc2
swoole-1.7.10-rc3
swoole-1.7.10-rc4
swoole-1.7.10-rc5
swoole-1.7.10-stable
swoole-1.7.11-alpha
swoole-1.7.11-beta
swoole-1.7.11-rc1
swoole-1.7.11-rc2
swoole-1.7.11-stable
swoole-1.7.12-alpha
swoole-1.7.12-stable
swoole-1.7.13-alpha
swoole-1.7.13-beta
swoole-1.7.13-rc1
swoole-1.7.13-rc2
swoole-1.7.13-stable
swoole-1.7.14-alpha
swoole-1.7.14-beta
swoole-1.7.14-rc1
swoole-1.7.14-rc2
swoole-1.7.14-stable
swoole-1.7.15-alpha
swoole-1.7.15-beta
swoole-1.7.15-rc1
swoole-1.7.15-rc2
swoole-1.7.15-rc3
swoole-1.7.15-stable
swoole-1.7.16-alpha
swoole-1.7.16-beta
swoole-1.7.16-stable
swoole-1.7.17-alpha
swoole-1.7.17-beta
swoole-1.7.17-rc1
swoole-1.7.17-stable
swoole-1.7.18-alpha
swoole-1.7.18-beta
swoole-1.7.18-rc1
swoole-1.7.18-rc2
swoole-1.7.18-stable
swoole-1.7.19-alpha
swoole-1.7.19-beta
swoole-1.7.19-rc1
swoole-1.7.19-rc2
swoole-1.7.19-stable
swoole-1.7.2-alpha
swoole-1.7.2-beta
swoole-1.7.2-stable
swoole-1.7.20-alpha
swoole-1.7.20-beta
swoole-1.7.20-stable
swoole-1.7.21-alpha
swoole-1.7.21-beta
swoole-1.7.21-stable
swoole-1.7.22-alpha
swoole-1.7.22-beta
swoole-1.7.22-rc1
swoole-1.7.22-rc2
swoole-1.7.22-stable
swoole-1.7.3-alpha
swoole-1.7.3-beta
swoole-1.7.3-beta-2
swoole-1.7.3-stable
swoole-1.7.4-alpha
swoole-1.7.4-beta
swoole-1.7.4-stable
swoole-1.7.5-RC1
swoole-1.7.5-RC2
swoole-1.7.5-alpha
swoole-1.7.5-beta
swoole-1.7.5-stable
swoole-1.7.6-RC1
swoole-1.7.6-alpha
swoole-1.7.6-beta
swoole-1.7.6-stable
swoole-1.7.7-RC2
swoole-1.7.7-RC3
swoole-1.7.7-alpha
swoole-1.7.7-beta
swoole-1.7.7-stable
swoole-1.7.8-RC1
swoole-1.7.8-RC2
swoole-1.7.8-alpha
swoole-1.7.8-beta
swoole-1.7.8-stable
swoole-1.7.9-alpha
swoole-1.7.9-beta
swoole-1.7.9-rc1
swoole-1.7.9-rc2
swoole-1.7.9-rc3
swoole-1.7.9-rc4
swoole-1.7.9-stable
swoole-1.8.0-alpha
swoole-1.8.0-beta
swoole-1.8.0-rc2
swoole-1.8.0-stable
swoole-1.8.1-alpha
swoole-1.8.1-beta
swoole-1.8.1-stable
swoole-1.8.2-alpha
swoole-1.8.2-beta
swoole-1.8.2-rc1
swoole-1.8.2-rc2
swoole-1.8.2-stable
swoole-1.8.3-alpha
swoole-1.8.3-beta
swoole-1.8.3-rc1
swoole-1.8.3-rc2
swoole-1.8.3-stable
swoole-1.8.4-alpha
swoole-1.8.4-beta
swoole-1.8.4-rc1
swoole-1.8.4-stable
swoole-1.8.5-alpha
swoole-1.8.5-beta
swoole-1.8.5-rc1
swoole-1.8.5-rc2
swoole-1.8.5-stable
swoole-1.8.6-alpha
swoole-1.8.6-beta
swoole-1.8.6-rc1
swoole-1.8.6-rc2
swoole-1.8.6-rc3
swoole-1.8.7-alpha
swoole-1.8.7-beta

v1.*

v1.10.0
v1.10.1
v1.3.1
v1.3release
v1.4.0
v1.4.1
v1.4.2
v1.8.13-stable
v1.8.14-alpha
v1.9.0-alpha
v1.9.0-beta
v1.9.0-rc1
v1.9.0-stable
v1.9.1-alpha
v1.9.1-beta
v1.9.1-rc1
v1.9.1-stable
v1.9.10
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
v1.9.18
v1.9.19
v1.9.2-alpha
v1.9.2-stable
v1.9.21
v1.9.22
v1.9.23
v1.9.3-stable
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9

v2.*

v2.0.1
v2.0.10-alpha
v2.0.10-beta
v2.0.10-rc1
v2.0.10-rc2
v2.0.10-rc3
v2.0.10-stable
v2.0.11
v2.0.12
v2.0.2-alpha
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3

v3.*

v3.0.0-alpha

v4.*

v4.0.0
v4.0.0-alpha
v4.0.0-beta
v4.0.0-rc1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "swoole_serialize.c"
        },
        "id": "CVE-2018-15503-6eed4cf2",
        "digest": {
            "threshold": 0.9,
            "line_hashes": []
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "php_swoole_unserialize",
            "file": "swoole_serialize.c"
        },
        "id": "CVE-2018-15503-8c035274",
        "digest": {
            "length": 1361.0,
            "function_hash": "269618928546804415795011286133509488357"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "swoole_unserialize_object",
            "file": "swoole_serialize.c"
        },
        "id": "CVE-2018-15503-dcc8d327",
        "digest": {
            "length": 1598.0,
            "function_hash": "297101157815826533612672663763451683258"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "swoole_unserialize_arr",
            "file": "swoole_serialize.c"
        },
        "id": "CVE-2018-15503-f8bc6d1f",
        "digest": {
            "length": 3756.0,
            "function_hash": "308964144600458560027825076945430563540"
        },
        "signature_type": "Function"
    }
]