CVSS2: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 7.3 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS: 0.022 Low (Percentile: 89.5%)

The PHP project reports:

Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | php5 | < 5.4.44 | UNKNOWN |
FreeBSD | any | noarch | php5-openssl | < 5.4.44 | UNKNOWN |
FreeBSD | any | noarch | php5-phar | < 5.4.44 | UNKNOWN |
FreeBSD | any | noarch | php5-soap | < 5.4.44 | UNKNOWN |
FreeBSD | any | noarch | php55 | < 5.5.28 | UNKNOWN |
FreeBSD | any | noarch | php55-openssl | < 5.5.28 | UNKNOWN |
FreeBSD | any | noarch | php55-phar | < 5.5.28 | UNKNOWN |
FreeBSD | any | noarch | php55-soap | < 5.5.28 | UNKNOWN |
FreeBSD | any | noarch | php56 | < 5.6.12 | UNKNOWN |
FreeBSD | any | noarch | php56-openssl | < 5.6.12 | UNKNOWN |