PT-2017-2560 · Php+1 · Php+1

Adam Mariš

Published

2016-10-05

Updated

2017-06-16

CVE-2016-4473

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP versions 5.6.x through 7.0.7

Description The issue is related to the /ext/phar/phar object.c component in PHP, which is associated with the use of memory after it has been freed. This can allow a remote attacker to execute arbitrary code. The problem was introduced as part of an incomplete fix to a previous issue.

Recommendations For PHP version 5.6.x, update to a version that includes a complete fix for the issue. For PHP version 7.0.7, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting access to the /ext/phar/phar object.c component until a patch is available.

Exploit

Fix

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2017-01772

CVE-2016-4473

DLA-628-1

RHSA-2016:2750

SUSE-SU-2016:2460-1

SUSE-SU-2016:2460-2

SUSE-SU-2016_2460-1

SUSE-SU-2016_2460-2

Affected Products

Php

Suse

PT-2017-2560 · Php+1 · Php+1

CVE-2016-4473

Weakness Enumeration

Related Identifiers

Affected Products

References · 161