Vulnerability identifier: #VU9956
Vulnerability risk: Low
Exploitation vector: Network
Vendor: PHP Group
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.
The vendor has issued the following versions to address this vulnerability: 5.6.31, 7.0.21, 7.1.7.
Vulnerable software versions
PHP: 5.6.0 - 5.6.30, 7.0.0 - 7.0.20, 7.1.0 - 7.1.6
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?