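ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. The signature entries below target ext/standard/var_unserializer.c, the re2c-generated C output of that .re file, and Zend/zend_objects_API.c; all of them cite the same php-src commit as their source.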
[
{
"source": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43",
"id": "CVE-2016-7411-4e3db367",
"digest": {
"length": 17379.0,
"function_hash": "197201877932423095753011497744349995199"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "php_var_unserialize",
"file": "ext/standard/var_unserializer.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43",
"id": "CVE-2016-7411-dbd32cdf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"55005567468369368611164292450108655693",
"246272479898581294141415195713097288047",
"34485600507217702948409028682773263832",
"278547630791718218670873286455277713422",
"222456299962666884299276629321257473395",
"35291727437046760115314802880980306756",
"287067800058502421881414060793509803309",
"101784501276207766053882859089922867928",
"253939511003497259484369218287725169133",
"28854856498294819377545712021783898922",
"161166060838058096464842347185669553186",
"181474367725330236228627936428828780565",
"113005512450879757736920393970994251271",
"241505157048853268832102262950265781146",
"3594293359148188515499023312328676559",
"317880390176243499692135436385246080583",
"193970513563683429955243105150124714990",
"151525721448960007540581829422163253235",
"131619494778740792699116875231065282177",
"97078834316856778775959232843576759181",
"39647817218741847542493274976240534278",
"53399692971528912546978676753717806626",
"50321455944084839922867595985294632014",
"76363062086928298842568899046488648244",
"121310170061323753236667896826891593092",
"128955705140024659375197012355314907405",
"289759661604433454892482221109081143288",
"77796733071524313036015902594018077902",
"211886261311299517599288686036131535765",
"257905796037664936509332609224677800107",
"294719735237860765637398476327416445721",
"30186544984719627458477278072339516591",
"305441068158222162468294533060927179439",
"151559251473969236755467963490763668964",
"206609771344544808170079111675682436404",
"211515191059197277653918413978053682008",
"95443189681889067216406488785871226590",
"308046673847943158751923679736638257672",
"218859814643344679439682269398062972195",
"277291754795743228726504095839603148340",
"194262397844047861045831855113705642502",
"290024242022507585635296317920801467716",
"311167309118150055281572606216470766031",
"330413520066767310680612636428544264413",
"230474108440533835333684094958823056084",
"311257223181405248642002688951091133607",
"24144217229067952620893299293690797341",
"329321316663444951586907489049270244205",
"136648458098552707076569962137057554508",
"82760673428223954557907961665546461370",
"231215910029773123735548606864243223410",
"155839203016380286836257821256683757584",
"176629366749378689263014647448583282832",
"53266342243385612284074029149335532682",
"23694691058495523090077191577542601144",
"150274809359088780602000372262436512070",
"12487622487621764019102559827094360717",
"47781428044270170749059019373248861671",
"54273705678320978012838035296399311828",
"179794101545447039629168546290399163481",
"249475901685196263829271550987507219396",
"317605472097912216777276923192795288090",
"24579401128674852397992670066738973964",
"1854016455055092506071419626528115352",
"134168355472264967570266788995525914741",
"263222419994646199297841877693260588443",
"320231330622748172812437813276035096047",
"255725133322402644474336621799037170610",
"269359942060036654764862195073508939172",
"297964171743260663501010808886629588488",
"337636376025793233532488051128922728120",
"145284742622917905257553948364815146187",
"210472830864426651601698575483131339672",
"275915474511306188687583608935975887020",
"243961518786470081839207540806906918506",
"285299313028876497852273669209173833",
"187734228061571723413972040309685766688",
"243258424090245420339006281115630598526",
"308504603051266190607283646063077786272",
"122826297022855562295195540654569735301",
"332176875234483346258249651027821994726",
"251345270070948803649407850518045144912",
"141690066428905485990073034514404723267",
"240889254644274709379433592536123696023",
"119958680353381827621805632412498437634",
"50518464435721013707919341030016996650",
"56253076259826668724418967402968895253",
"53379192866757622336511509513884239024",
"150696814693602207726377780430234084224",
"133442979430562036665962443127864315173",
"90400745467137888392261426847917185848",
"111664045586250202426077714417272175202",
"52745000606477910756160017957810204591",
"51388981653003571918957703208683824275",
"220842215606896123331208628535140840845",
"213130249033199032046794315182446528821",
"198848032088164164842610262148194913184",
"217234025122291971479387091720116050043",
"48321505421424209326462008918037663437",
"310674237259908621624993214360276582444",
"47688906624705284611146428620712817051",
"313570138683617402028941989883696069615",
"325169024165300323148198388953566181754",
"322407698099982339444906360000862459888",
"15870367119770213525165174176275302103",
"19315970461890823688547745879354936582",
"83957370982233078642358265407006918363",
"5054797208326398475430903325449572218",
"89200285419740357544164914365775158142",
"165533313376618712400587195006111190580",
"195106869869900706566048242934186007141",
"313665715046923223985413781374347826368",
"67359400705853892981826238089652335934",
"133568321140615378063136281284471376761",
"179959986549877895638117203607717438681",
"52517111705528323124995868428434206605",
"324631387007369028660060934811745335097",
"68632674874864205532735732825981601566",
"114252392422215708369766956664663245574",
"217700298932011312419715712097098716932",
"128137643549413381108879600176764217678",
"308838117747157307222935522133103533577",
"463303861336674666643253306916977490",
"185634801050596730427157755406483480165",
"324221861419028180721437023182991746805"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "ext/standard/var_unserializer.c"
},
"signature_type": "Line"
},
{
"source": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43",
"id": "CVE-2016-7411-de0ce1d8",
"digest": {
"length": 897.0,
"function_hash": "150567426693144971353226408083285206335"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "object_common2",
"file": "ext/standard/var_unserializer.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43",
"id": "CVE-2016-7411-df346122",
"digest": {
"threshold": 0.9,
"line_hashes": [
"128864551113351862900506164399088993545",
"19298251420475046602189816513773744015",
"4484577886989682523671866163858172222",
"236040157415594621944818356707533437887",
"104717128424993184406260918563436280355",
"127821859003941900418467277861989027831",
"25057723501374932745851002821459632518"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "Zend/zend_objects_API.c"
},
"signature_type": "Line"
}
]