Vulnerability CVE-2016-7479

Vulnerability Name:

CVE-2016-7479 (CCN-121251)

Assigned:

2016-12-27

Published:

2016-12-27

Updated:

2018-05-04

Summary:

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Gain Access

References:

Source: MISC
Type: Third Party Advisory
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

Source: CCN
Type: Check Point Blog, 2016/12/27
Check Point discovers three Zero-Day Vulnerabilities in web programming language PHP 7

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

Source: MITRE
Type: CNA
CVE-2016-7479

Source: CCN
Type: PHP Web site
PHP

Source: BID
Type: Third Party Advisory, VDB Entry
95151

Source: CCN
Type: BID-95151
PHP CVE-2016-7479 Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1037659

Source: REDHAT
Type: UNKNOWN
RHSA-2018:1296

Source: CCN
Type: PHP Bug #73092
Unserialize use-after-free when resizing object's properties hash table

Source: MISC
Type: Issue Tracking, Permissions Required
https://bugs.php.net/bug.php?id=73092

Source: XF
Type: UNKNOWN
php-cve20167479-code-exec(121251)

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20180112-0001/

Source: MISC
Type: Technical Description
https://www.youtube.com/watch?v=LDcaPstAuPk

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:7.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.1.0:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20167479	V	CVE-2016-7479	2022-09-02
oval:org.opensuse.security:def:10439	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:9885	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:10710	P	Security update for the Linux Kernel (Important) (in QA)	2022-01-07
oval:org.opensuse.security:def:10372	P	Security update for aaa_base (Moderate)	2021-12-03
oval:org.opensuse.security:def:10176	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:10170	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10154	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10148	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:10140	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:14959	P	libXi6-1.7.4-18.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14937	P	kernel-default-4.12.14-120.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14299	P	libthai-data-0.1.25-4.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13930	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14231	P	libgssglue1-0.4-3.76 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14206	P	libXvnc1-1.6.0-18.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14113	P	cups-pk-helper-0.2.5-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14094	P	bash-4.3-82.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14076	P	aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14028	P	rsyslog-8.4.0-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13960	P	libsrtp1-1.5.2-2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13938	P	libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14286	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14275	P	libpng16-16-1.6.8-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11099	P	Security update for fossil (Moderate)	2021-07-17
oval:org.opensuse.security:def:10685	P	Security update for the Linux Kernel (Important)	2021-07-15
oval:org.opensuse.security:def:38799	P	Security update for curl (Moderate)	2021-06-30
oval:org.opensuse.security:def:10112	P	Security update for ovmf (Important)	2021-06-25
oval:org.opensuse.security:def:10278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:17293	P	python-devel-2.7.13-28.11.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17262	P	libmwaw-0_3-3-0.3.13-7.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17205	P	libuuid-devel-2.29.2-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17120	P	libgio-fam-2.48.2-10.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17086	P	python-devel-2.7.9-20.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124641	P	php7-devel-7.0.7-50.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16349	P	php7-devel-7.0.7-49.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16635	P	php7-devel-7.0.7-50.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17219	P	typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17187	P	libid3tag0-0.15.1b-182.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17077	P	libssh4-0.6.3-8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17041	P	argyllcms-1.6.3-1.179 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17010	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17288	P	libzmq3-4.0.4-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17078	P	libtag1-32bit-1.9.1-1.265 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17276	P	libraw9-0.15.4-21.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11434	P	pcsc-ccid-1.4.14-1.45 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11412	P	libvorbis0-1.3.3-8.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10087	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:10263	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:9863	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:10216	P	Security update for wpa_supplicant (Important)	2021-03-08
oval:org.opensuse.security:def:9855	P	Security update for bind (Important)	2021-03-02
oval:org.opensuse.security:def:10397	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:10163	P	Security update for python-urllib3 (Moderate)	2021-02-08
oval:org.opensuse.security:def:10297	P	Security update for go1.14 (Moderate)	2021-01-26
oval:org.opensuse.security:def:11121	P	Security update for viewvc (Moderate)	2021-01-19
oval:org.opensuse.security:def:17329	P	imobiledevice-tools-1.2.0-7.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17310	P	cyrus-sasl-digestmd5-32bit-2.1.26-8.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16826	P	libid3tag-devel-0.15.1b-184.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16953	P	procps-devel-3.3.9-11.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16868	P	libpng12-compat-devel-1.2.50-19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16834	P	libjpeg62-devel-62.2.0-31.14.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16948	P	php7-devel-7.0.7-50.85.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:10774	P	libplist++-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10448	P	gnome-shell-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10453	P	hplip-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39479	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:39437	P	Security update for python-pip (Moderate)	2020-12-01
oval:org.opensuse.security:def:10610	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17540	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:37937	P	libpcre1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10591	P	python3-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17528	P	Security update for xfsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:10576	P	nut-cgi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38639	P	libXRes1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10529	P	libpcscspy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38580	P	dosfstools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10483	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38420	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10461	P	lib3ds-1-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38330	P	libncurses5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10761	P	libmusicbrainz-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38272	P	libass5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10752	P	libjson-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10836	P	php7-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38033	P	policycoreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37949	P	libpython3_4m1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38755	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37938	P	libpcsclite1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38727	P	libspice-client-glib-2_0-8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38688	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17974	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:17948	P	Security update for libtasn1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10012	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9993	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9978	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9931	P	libusbmuxd4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18226	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:18200	P	Security update for libapr-util1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:17562	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:17471	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:17439	P	Security update for grub2 (Important)	2020-12-01
oval:com.ubuntu.xenial:def:201674790000000	V	CVE-2016-7479 on Ubuntu 16.04 LTS (xenial) - medium.	2017-01-12
oval:com.ubuntu.precise:def:20167479000	V	CVE-2016-7479 on Ubuntu 12.04 LTS (precise) - medium.	2017-01-11
oval:com.ubuntu.trusty:def:20167479000	V	CVE-2016-7479 on Ubuntu 14.04 LTS (trusty) - medium.	2017-01-11
oval:com.ubuntu.xenial:def:20167479000	V	CVE-2016-7479 on Ubuntu 16.04 LTS (xenial) - medium.	2017-01-11

BACK