Heap use-after-free in PHP - CVE-2017-12934
Published: July 6, 2017 / Updated: July 6, 2017
Vulnerability identifier: #VU7350
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12934
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition.
The weakness exists in Core PHP due to a heap use-after-free error in unserialize within zval_get_type(). A remote attacker can trigger memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-12934
Update to version 7.0.21.