CVE-2016-5773 in macOSinfo

Summary

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/23/2016

Disclosure

08/07/2016

Moderation

VulDB entry created

Entries

VDB-92046 (2)

CPE

ready

CWE

CWE-416 (Confirmed)

Exploit

Download

CVSS

9.8

EPSS

0.16127

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5773
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5773
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5773/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!