CVE-2016-10161

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.30 PHP versions 7.0.x prior to 7.0.15 PHP versions 7.1.x prior to 7.1.1

Description The issue is related to a buffer over-read in the object common1 function, allowing remote attackers to cause a denial of service via crafted serialized data. This data is mishandled in a finish nested data call, leading to an application crash.

Recommendations For PHP versions prior to 5.6.30, update to version 5.6.30 or later. For PHP versions 7.0.x prior to 7.0.15, update to version 7.0.15 or later. For PHP versions 7.1.x prior to 7.1.1, update to version 7.1.1 or later. As a temporary workaround, consider restricting the use of the object common1 function until a patch is available. Avoid using specially crafted serialized data in the affected API endpoints until the issue is resolved.