Vulnerability Name:

CVE-2016-7480 (CCN-121252)

Assigned:2016-12-27
Published:2016-12-27
Updated:2022-07-20
Summary:The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MISC
Type: Third Party Advisory, VDB Entry
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

Source: CCN
Type: Check Point Blog, 2016/12/27
Check Point discovers three Zero-Day Vulnerabilities in web programming language PHP 7

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

Source: MITRE
Type: CNA
CVE-2016-7480

Source: CCN
Type: PHP Web site
PHP

Source: MISC
Type: Release Notes, Vendor Advisory
http://php.net/ChangeLog-7.php

Source: BID
Type: Third Party Advisory, VDB Entry
95152

Source: CCN
Type: BID-95152
PHP CVE-2016-7480 Remote Code Execution Vulnerability

Source: CCN
Type: PHP Bug #73257
pointer to uninitialized memory passed to unserialize

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://bugs.php.net/bug.php?id=73257

Source: XF
Type: UNKNOWN
php-cve20167480-code-exec(121252)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20180112-0001/

Source: MISC
Type: Broken Link, Third Party Advisory
https://www.youtube.com/watch?v=LDcaPstAuPk

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.0.0 and < 7.0.11)

Configuration 2:
  • cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:7.0.11:-:*:*:*:*:*:*

* Denotes that component is vulnerable

Configuration 1 and Configuration CCN 1 together cover every 7.0.x release before 7.0.12, which is the range the summary describes as affected.
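The summary describes an unserialize path that trusts the shape of attacker-supplied data, so the two checks a practitioner wants from this entry are "is my interpreter in the affected range" and "does untrusted input ever reach unserialize() with classes enabled". The PHP script below is an added example written for this page; it is not code from the advisory, from Check Point's report, or from the PHP project. The affected range (7.0.0 up to but excluding 7.0.12) is taken from the summary; the helper names and the sample payloads are the editor's own constructions.

```php
<?php
declare(strict_types=1);

// Added example, not code from this advisory, from Check Point, or from the
// PHP project. Helper names and the sample payloads below are the editor's
// own; the affected range (7.0.0 <= version < 7.0.12) is taken from the
// advisory summary.

/** True when $version falls inside the range the summary lists as affected. */
function phpVersionAffected(string $version): bool
{
    return version_compare($version, '7.0.0', '>=')
        && version_compare($version, '7.0.12', '<');
}

/**
 * Class names referenced by O: (object) and C: (custom serialized) records.
 * The scan is purely textual and therefore fail-closed: a class name that
 * only appears inside a string value is reported too, which can only make
 * the caller reject more, never less.
 */
function serializedClassNames(string $payload): array
{
    $n = preg_match_all('/(?:^|[;{}])[OC]:\d+:"([^"]+)"/', $payload, $m);
    return $n ? array_values(array_unique($m[1])) : [];
}

/**
 * unserialize() for untrusted input: refuse C: records entirely (the path
 * through which a class's own unserialize handler such as
 * SplObjectStorage::unserialize() is reached), allow only listed classes,
 * and then let the engine enforce the same list again through the
 * allowed_classes option that exists since PHP 7.0.
 */
function safeUnserialize(string $payload, array $allowed = [])
{
    if (preg_match('/(?:^|[;{}])C:\d+:"/', $payload) === 1) {
        throw new InvalidArgumentException('custom-serialized (C:) record rejected');
    }
    $allowedLower = array_map('strtolower', $allowed);   // PHP class names are case-insensitive
    foreach (serializedClassNames($payload) as $class) {
        if (!in_array(strtolower($class), $allowedLower, true)) {
            throw new InvalidArgumentException("class {$class} is not on the allow-list");
        }
    }
    $value = unserialize($payload, ['allowed_classes' => $allowed]);
    if ($value === false && $payload !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    return $value;
}

// Constructed sample inputs.
$plain = serialize(['id' => 7, 'tags' => ['a', 'b']]);

$storage = new SplObjectStorage();
$storage[new stdClass()] = 'info';
// On PHP 7.0 this serializes as a C:16:"SplObjectStorage" record; on 7.4 and
// later as an O:16:"SplObjectStorage" record. Both checks above reject it.
$withStorage = serialize($storage);

printf("PHP %s in affected range: %s\n", PHP_VERSION, phpVersionAffected(PHP_VERSION) ? 'yes' : 'no');
var_dump(safeUnserialize($plain));
try {
    safeUnserialize($withStorage);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The version check is only meaningful for PHP built from upstream releases: distributions such as Ubuntu track this CVE in their own OVAL definitions (listed below) and may ship a backported fix under an older version string, so for packaged PHP the distribution's advisory or OVAL definition is the authoritative check. The textual pre-screen is intentionally conservative and will reject payloads whose string values merely contain an `O:` or `C:` token; for data that needs no object graph at all, a format with no class instantiation (such as JSON) removes this whole class of bug.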
Oval Definitions
(Class: V = vulnerability definition, P = patch definition)

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20167480 | V | CVE-2016-7480 | 2022-09-02
oval:org.opensuse.security:def:10439 | P | Security update for SDL2 (Important) (in QA) | 2022-01-12
oval:org.opensuse.security:def:9885 | P | Security update for SDL2 (Important) (in QA) | 2022-01-12
oval:org.opensuse.security:def:10710 | P | Security update for the Linux Kernel (Important) (in QA) | 2022-01-07
oval:org.opensuse.security:def:10372 | P | Security update for aaa_base (Moderate) | 2021-12-03
oval:org.opensuse.security:def:10176 | P | Security update for java-1_8_0-openjdk (Important) | 2021-11-23
oval:org.opensuse.security:def:10170 | P | Security update for qemu (Important) | 2021-11-04
oval:org.opensuse.security:def:10154 | P | Security update for ghostscript (Critical) | 2021-09-15
oval:org.opensuse.security:def:10148 | P | Security update for ffmpeg (Important) | 2021-09-02
oval:org.opensuse.security:def:10140 | P | Security update for java-1_8_0-openjdk (Important) | 2021-08-20
oval:org.opensuse.security:def:14959 | P | libXi6-1.7.4-18.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14937 | P | kernel-default-4.12.14-120.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14299 | P | libthai-data-0.1.25-4.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:13930 | P | libmspack0-0.4-14.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14231 | P | libgssglue1-0.4-3.76 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14206 | P | libXvnc1-1.6.0-18.11.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14113 | P | cups-pk-helper-0.2.5-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14094 | P | bash-4.3-82.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14076 | P | aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14028 | P | rsyslog-8.4.0-14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:13960 | P | libsrtp1-1.5.2-2.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:13938 | P | libpango-1_0-0-1.40.1-9.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14286 | P | libsmi-0.4.8-18.55 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:14275 | P | libpng16-16-1.6.8-14.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:11099 | P | Security update for fossil (Moderate) | 2021-07-17
oval:org.opensuse.security:def:10685 | P | Security update for the Linux Kernel (Important) | 2021-07-15
oval:org.opensuse.security:def:38799 | P | Security update for curl (Moderate) | 2021-06-30
oval:org.opensuse.security:def:10112 | P | Security update for ovmf (Important) | 2021-06-25
oval:org.opensuse.security:def:10278 | P | Security update for ucode-intel (Important) | 2021-06-10
oval:org.opensuse.security:def:17293 | P | python-devel-2.7.13-28.11.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17262 | P | libmwaw-0_3-3-0.3.13-7.9.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17205 | P | libuuid-devel-2.29.2-2.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17120 | P | libgio-fam-2.48.2-10.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17086 | P | python-devel-2.7.9-20.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:124641 | P | php7-devel-7.0.7-50.52.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16349 | P | php7-devel-7.0.7-49.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16635 | P | php7-devel-7.0.7-50.52.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17219 | P | typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17187 | P | libid3tag0-0.15.1b-182.58 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17077 | P | libssh4-0.6.3-8.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17041 | P | argyllcms-1.6.3-1.179 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17010 | P | lcms-1.19-17.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17288 | P | libzmq3-4.0.4-14.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17078 | P | libtag1-32bit-1.9.1-1.265 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17276 | P | libraw9-0.15.4-21.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11434 | P | pcsc-ccid-1.4.14-1.45 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11412 | P | libvorbis0-1.3.3-8.23 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:10087 | P | Security update for polkit (Important) | 2021-06-03
oval:org.opensuse.security:def:10263 | P | Security update for ceph (Important) | 2021-06-02
oval:org.opensuse.security:def:9863 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:10216 | P | Security update for wpa_supplicant (Important) | 2021-03-08
oval:org.opensuse.security:def:9855 | P | Security update for bind (Important) | 2021-03-02
oval:org.opensuse.security:def:10397 | P | Security update for salt (Critical) | 2021-02-26
oval:org.opensuse.security:def:10163 | P | Security update for python-urllib3 (Moderate) | 2021-02-08
oval:org.opensuse.security:def:10297 | P | Security update for go1.14 (Moderate) | 2021-01-26
oval:org.opensuse.security:def:11121 | P | Security update for viewvc (Moderate) | 2021-01-19
oval:org.opensuse.security:def:17329 | P | imobiledevice-tools-1.2.0-7.31 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17310 | P | cyrus-sasl-digestmd5-32bit-2.1.26-8.7.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16826 | P | libid3tag-devel-0.15.1b-184.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16953 | P | procps-devel-3.3.9-11.18.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16868 | P | libpng12-compat-devel-1.2.50-19.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16834 | P | libjpeg62-devel-62.2.0-31.14.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16948 | P | php7-devel-7.0.7-50.85.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:10774 | P | libplist++-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10448 | P | gnome-shell-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10453 | P | hplip-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:39479 | P | Security update for php7 (Important) | 2020-12-01
oval:org.opensuse.security:def:39437 | P | Security update for python-pip (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10610 | P | xfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17540 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:37937 | P | libpcre1-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10591 | P | python3-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17528 | P | Security update for xfsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10576 | P | nut-cgi on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38639 | P | libXRes1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10529 | P | libpcscspy0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38580 | P | dosfstools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10483 | P | libapr1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38420 | P | mutt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10461 | P | lib3ds-1-3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38330 | P | libncurses5-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10761 | P | libmusicbrainz-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38272 | P | libass5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10752 | P | libjson-c-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38170 | P | dovecot22 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10836 | P | php7-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38033 | P | policycoreutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10814 | P | libxslt-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37949 | P | libpython3_4m1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38755 | P | mutt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37938 | P | libpcsclite1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38727 | P | libspice-client-glib-2_0-8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38688 | P | libjpeg-turbo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17974 | P | Security update for php7 (Important) | 2020-12-01
oval:org.opensuse.security:def:17948 | P | Security update for libtasn1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10012 | P | w3m on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9993 | P | squidGuard on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9978 | P | python-requests on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9931 | P | libusbmuxd4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18226 | P | Security update for php7 (Important) | 2020-12-01
oval:org.opensuse.security:def:18200 | P | Security update for libapr-util1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17562 | P | Security update for php5 (Important) | 2020-12-01
oval:org.opensuse.security:def:17471 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:17439 | P | Security update for grub2 (Important) | 2020-12-01
oval:com.ubuntu.precise:def:20167480000 | V | CVE-2016-7480 on Ubuntu 12.04 LTS (precise) - medium. | 2017-01-11
oval:com.ubuntu.xenial:def:201674800000000 | V | CVE-2016-7480 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-01-11
oval:com.ubuntu.trusty:def:20167480000 | V | CVE-2016-7480 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-01-11
oval:com.ubuntu.xenial:def:20167480000 | V | CVE-2016-7480 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-01-11