Lucene search
Cy1337H1:261335HistoryAug 18, 2017 - 1:20 p.m.
Internet Bug Bounty: Heap Use After Free Read in unserialize()
2017-08-1813:20:37
cy1337
hackerone.com
37
0.01 Low
EPSS
Percentile
83.7%
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
This is CVE-2017-12932 and the bug report confirming that I reported the issue is here: https://bugs.php.net/bug.php?id=74103
Related
openvas
openvas
PHP 7.0.x < 7.0.23, 7.1.x < 7.1.9 Use-After-Free Vulnerability - Windows
2021-11-29 00:00:00
PHP 7.0.x < 7.0.23, 7.1.x < 7.1.9 Use-After-Free Vulnerability - Linux
2021-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2468-1)
2021-06-09 00:00:00
redhatcve
redhatcve
CVE-2017-12932
2019-10-07 17:03:08
prion
prion
Design/Logic Flaw
2017-08-18 03:29:00
debiancve
debiancve
CVE-2017-12932
2017-08-18 03:29:00
cve
cve
CVE-2017-12932
2017-08-18 03:29:00
cvelist
cvelist
CVE-2017-12932
2017-08-18 03:00:00
veracode
veracode
Use-After-Free
2019-05-16 02:59:59
Use After Free
2019-05-16 02:59:58
osv
osv
CVE-2017-12932
2017-08-18 03:29:00
php7.0 - security update
2018-01-08 00:00:00
ubuntucve
ubuntucve
CVE-2017-12932
2017-08-18 00:00:00
nessus
nessus
PHP 7.0.x < 7.0.23 Heap-based Buffer Overflow Vulnerability
2019-03-01 00:00:00
PHP 7.1.x < 7.1.9 Heap-based Buffer Overflow Vulnerability
2019-03-01 00:00:00
PHP 7.2.x < 7.2.0 Heap-based Buffer Overflow Vulnerability
2019-03-01 00:00:00
nvd
nvd
CVE-2017-12932
2017-08-18 03:29:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-09-24 00:00:00
debian
debian
[SECURITY] [DSA 4080-1] php7.0 security update
2018-01-08 22:30:09
redhat
redhat
ibm
ibm