CVE-2016-5771 in macOSinfo

Summary

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/23/2016

Disclosure

08/07/2016

Moderation

VulDB entry created

Entries

VDB-92044 (2)

CPE

ready

CWE

CWE-416 (Confirmed)

Exploit

Download

CVSS

9.8

EPSS

0.09582

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5771
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5771
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5771/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!