CVE-2016-7478

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7478
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7478.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7478
Downstream
Related
Published
2017-01-11T06:59:00.130Z
Modified
2025-11-14T09:23:52.899108Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00f84126d1da20124b1d037a9524925466f2fc5a
Last affected
01636566a2c1c468d932b839a9251f0827c020d9
Last affected
0183c29cb3921926855ed6f5e7cea7851fb8a5a1
Last affected
02db9931c8ccbe7ab0b4adb9af44577c27213eeb
Last affected
0351fd55523b8c9e437161c6334fe413280eaa6c
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Last affected
03cb63bc1da6344f65a075f25721d29b59670cfe
Last affected
0778c40868892f2751a3aa48a7ad3d4d3c4e68ad
Last affected
0780256c196a8a32f104a804b2d6eb029ccafa6a
Last affected
0843bcd6f6fdcf2a5eca92375fd72cda868eb54b
Last affected
095b48f772392dbd57286d4ab47146b5657fbdb6
Last affected
0c213226c813dbff4b716e56a2a69e8d2fb852cc
Last affected
0d135ccbf0e320e5d8b973581aac56664fe92a72
Last affected
0d53ab04b4d477f98fbaf738ef41c67b5fe7ec1f
Last affected
11d102ebbcbbd008a6e50ddc65849dfcfb568da4
Last affected
124321fce57086b7ecc747f85cb02dd1913acfa6
Last affected
12a6ea6fff1a9fa3cca1e34400b8a8a66f52ebb4
Last affected
13616e8856076ee7bd3d661fd492326565ae48ff
Last affected
13adcc108d882e792b765fbfc4849eb7bd4e9863
Last affected
140e2adb5ab8a5ed0624366c0416f07b8aa17254
Last affected
14847c56c5df4b8358c010e6c4fc83d6db1bf43a
Last affected
1749f34d99fff5d87c8c5687e57b69d9cf018bf8
Last affected
184d4e9fded736b607167a4185eabfbd083322b9
Last affected
1a1c34a111511756de9f4afb4fe59ca6129bdf9b
Last affected
1b277a2878f995dbe63d2ad60d0f1f876b261e4e
Last affected
1bfb88081d1fb0211feaa18b8a5b635fc03594b8
Last affected
1cb70365152dc6cdf97333b4d6c033fdf82c6c40
Last affected
23bf3f418817f80991071ec413a0f1b97481cb88
Last affected
23fae3e23d1ba4de3c22ecc251b4c5a579a3ddf9
Last affected
24324791c23de1d66d1ff7787b472db30d1af228
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Last affected
254298cea9b1721b7537255b44f59d18166e6608
Last affected
27b47d76856be7998417f67895f44918278e35de
Last affected
29b4532f618973b80b6b7017b44139995dce697c
Last affected
2c1949d4e7fb4248c2a6b95b45094951c3607c8d
Last affected
2c2d0de09e522fe097bfcebfb758171eb6aa5270
Last affected
2c9b4e87a0bf3890a3f12d9929123f4e49d0b1f5
Last affected
2c9fcbabe8f7780c8566d9baddb5aae36fdce84b
Last affected
2e46e23bb9325bc4959fe358389a12690f3e78f9
Last affected
2ee57e588699f7de26fe580c728675e780a2be8c
Last affected
2f0d051bfd43315bedfff2de3137abd2c67741a6
Last affected
3156580a34b947e4325fdd165015904153790c39
Last affected
32246bf50749709a9f99feda09088181598e5121
Last affected
326ab8b147485eeb1ca023807272bc1994bcd7de
Last affected
3548b2e2c5bbe361c3c95a4df563e81f33da4b7e
Last affected
38980c9ea4156ce52a53f9f3e1007ea3d787fa11
Last affected
3a857b95cea35987aaef93fb08e6e9cbd6c6f483
Last affected
3ac3e659d8aa9414fbe208adc3a7a9eea3d39081
Last affected
3cb1be7a1b71f4a9f2852d471af0bbfef5308278
Last affected
3e44943db6ceb0df75e1a94e21c55d62c8547b7e
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Last affected
40eea49f64cc8a4fab18313ee25a872fce784a15
Last affected
4217038ddb12f00824bc7c78db008ef6e2ca4484
Last affected
437f4b193310bdf8bc2c37ffb0f54a9b6ede28eb
Last affected
45e4e84c90903992b82d75df4267107b08a2e0b8
Last affected
46370d548b7803ca38901fe5839e18a3ab93aab5
Last affected
4725986bfa702ecb2374d46437961ab6d5ac3fe1
Last affected
47a5e202bfb6e8b64accd1917b2ea975ee7e03a2
Last affected
4c29cabfe08c85e371e8a20a5333e950c0c890a0
Last affected
4d173e6ba54375edee830122c8970e84a6d3a54d
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Last affected
4e573053dc625cc2a92917ab10511759bc19135e
Last affected
50a8b9527a2317ba861ad0b660ff981f69941cfd
Last affected
523bb2473470242c9b167584247bf7c6b4bcb8d5
Last affected
527e8e73c97e282b1efde24cfb95dc0942e0ad59
Last affected
54ffe6a3b77c34e1352611243b9347c9411e4014
Last affected
56336709710599a2854ffbed7b7fb766df9c6e32
Last affected
575aeb37d0f4ce2b5ba9157884a19b8270ae07e3
Last affected
57e698d58263edeb5e15d78e0a968298f65a439f
Last affected
58a3e9586b96278b0a108b9c038b6174deba116b
Last affected
59c5558e5df6b9476eb700f7e57e19429d999959
Last affected
5b205c71a54b6a45c7c20c77020d8ec76a9b88ef
Last affected
60c5de5cd7c0d2544eef6d45777e4a12eb58ca38
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
61249b01257929e96ce3e2ad7b9f0067a6c44aa4
Last affected
621007164eb4a781f04a62159b15e6ac7f64cc87
Last affected
62cf13d3aa08b15107b02a0505a4f30142fa37b4
Last affected
6632004c6559258a3c8258d0dc847777bacd6818
Last affected
6690cff375f5ffe4ba0e652f30b4b6ea8d35439f
Last affected
67f69d7be0b25cc8a42ad391ecb195b56146e640
Last affected
68e556fc008f46d43716a53bce58d62d0f8b8f5a
Last affected
69797e81ed9917bb199d5cdc44fce6697493e1d2
Last affected
69a5d2ca2aeb24f80107cb608a46ebb9d9f4e8a0
Last affected
6bc1a14f56c45f0bc221f0fe7ed9584c55eb2a1a
Last affected
6c78ce66de2a9c4f872ae67b967a5c6e2a8f6c47
Last affected
6daaf1103b9ea36ecf04c5cffee9e8287fdf39c7
Last affected
704bbb3263d0ec9a6b4a767bbc516e55388f4b0e
Last affected
7317b3d05b7b825a87d06d8ea74e2e0848b9355e
Last affected
733fc5cd48cbbc0ace1530d869e5d69a79049b2e
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Last affected
76b580d87afcbdd170853194ffcb80cee45894bd
Last affected
79f14997b447f5917f16138d00d9877f1eeabae0
Last affected
7d14f7077674f7c8d3c197fef88f4c97e274455a
Last affected
7df3c767b8223c1b7b3e7c4f921519ba9d5ba2a3
Last affected
7fb06ce4d388740d79e18b2a15b5ad5020f38a0f
Last affected
805934fef05d51649c98cd8dc6ee24c40458a47e
Last affected
8244eea4951a30fa959a0e4c59224425f2f8865c
Last affected
82d537811cffa2851bae985b47b2ba91818f0c58
Last affected
845610d1b58fc3b9e4127c8fd277a9d56a9874c2
Last affected
854ababcc906677d4379fccab79adc783cd1f3a1
Last affected
8557dabc8a07e543f4b8f3ccd1113072294c459c
Last affected
86185a59e928cd1dc554a74f362a5bb33bbdc8c8
Last affected
8648f76bac2f78391a1539253f21d62f53d83022
Last affected
86aa35b787caa8a28ae0a87e13cd4409c1034fe9
Last affected
86d7c5866fa6b9247c9ca0bb60d7aad63c1f4ee8
Last affected
8722983775497294485ecb48bec607a22b9acdb4
Last affected
8eb2a1067ce478c035663c500bd74ec30731c494
Last affected
8eff5afaced13c9c30337c11da4920fc1d2394ce
Last affected
8f0acd6a9022e01f5c438c395eb619f34f89567e
Last affected
8f155eae867aacd79bec46391277100189d95a3a
Last affected
904d2202eaecb7c300c36f37ebc5503513220c09
Last affected
91538759b71d6dccb71cf9c30be6867a9dd67bcd
Last affected
939409d36feb09b882d521ec9ceecce6999ab199
Last affected
945736ca4963570b1ca36251f232bc33f51f3329
Last affected
94eff14f26013d2be976036b288536d902b59971
Last affected
961e562d1b7e7d67c7370022a167938641d607ea
Last affected
9b4296569817f5db3f11158228c7db266bd59a6d
Last affected
9c44e509e088486a87851ac3d4e7c7a6b056c1c8
Last affected
9d09291627d6b845a9663f97f763bcc6b4000feb
Last affected
9d10b0109258e8ea797c8977c5932d162d6c6004
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Last affected
a286e992fd444aa7f8f53b2cc9f57a47104f9fb6
Last affected
a2a22c46686604f07a06fc6805368c0c281f7808
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Last affected
a4c0b7a254a00457760eb446582d5207aaf468c1
Last affected
a54db3838f780628d898369c4cfcf41f5bded97c
Last affected
a7c3d28e89e0617c54bf567eaca94fb8dad5dfdb
Last affected
a856d8cc4f18ebd63c112a55f3de20602e7d12a3
Last affected
a905779194a15c8e5897b08202ddf5e45b31280b
Last affected
a964242f19ad029e57a62576f04e3cbab4795d03
Last affected
ae3a37659f93bb16ca813a39d2cdd0a96a63bea8
Last affected
aff15d154d8c653126df64ef994aff2091745830
Last affected
b1e49d95a17f8e553172da43834588a8ea78081e
Last affected
b30251268dbee5d7780ef04a2c027f6ceb3c3f53
Last affected
b4cb0265a108b9c788b966bb2b5c2a5e2c1cbe4a
Last affected
b4e4a2c7aea8cc0b59b7836463bdd2d214b83177
Last affected
b9bacc2007815d1440aceff7aed8b0c539c3c29c
Last affected
ba19ce3794fe734af2cc9597ac72e2b1be06852f
Last affected
bab156de79969108024c9715bbb98e3d1568e501
Last affected
bcb10c4700d3512afe23282f7e3995fdc33f0596
Last affected
bd4301120f24e4920c19d3ff0613a67c561a1d3f
Last affected
be8864cc22335efdf318e5a3fc746d8ec0f61f7a
Last affected
bfc6f12728a0ac84dbe1f2c2661f036fa63e7231
Last affected
c180a72112d59ea4a9aa974dec210420862af465
Last affected
c2383857790e75ff405c2518a7aaf40bde8ef788
Last affected
c48169cc31c6b263a4942295fa15f141ecf28cd5
Last affected
c5ffec0d344836909da4856ab0ef3d834e672312
Last affected
c87337a8d30fb1499576fe4672cc62cd2ec7eec2
Last affected
c89cf742c43e01ab107d504fd332294ca38c9b4e
Last affected
c9e5f38e5b62fb6e5b60fe0759f51ab137ae8fd6
Last affected
cb80afc366df74ec7ab701a853407a69cc148f5d
Last affected
d005ed9681d6797012570c4e32abb3abcdf3b72a
Last affected
d224386bd8424345a5178b5ba0c9c881e83c7fe0
Last affected
d41f74f0894deb18db13a43d56363d84f97dd237
Last affected
d42be4a5cf0ecd8e0d57a772dae53ef4a8c6e785
Last affected
d5747a70cf612e653b0e56dfa50efb29bbba273d
Last affected
d6d5fb0aa1b2a014f7a800331a4f631cbb5ad5e5
Last affected
d8e4dcdfd617f1c1c942db63527d1d3838ede7c4
Last affected
d8fcf7b63db5428dd897967ce1f679388d973bf1
Last affected
da12ca9c1ed03084e6803f5e81e46f2e0a80460a
Last affected
da76b1a87356695dfd9ce17c81801c3f8450a647
Last affected
dabfd7727f5496ebd913488f6a996117f8597686
Last affected
dae8ff251c0cdbbb0640df8277edef050fdb8854
Last affected
dd1b97c3de8bca56c97cb47936726d9b4b79afe1
Last affected
dd8a40b23bf50b1c4aa3cdb62cfdb99eecdbbd4f
Last affected
de528a07dabb79913d4e9a792f17a91311209527
Last affected
e09845d32614a19188632f410316478fbb440ebd
Last affected
e197c9b13991e569179a709574187f9e455efc0f
Last affected
e2874f7bf990ed58ba6f7abccefa2c00a0447fc7
Last affected
e37064dae4a80c70405899bb591969bbe6aad9a8
Last affected
e42bdcb7aa74c7846b984ef25462780ed135103f
Last affected
e4afa14812d10da7413096c742470fb0582ebc95
Last affected
e7ed1f65c1add150c06b4c720df10546a53d6c9a
Last affected
e808a7687ecd82ea18d6a83cb1f003a84831c0e2
Last affected
e926a1a71b17555c621b7f193bcd6625c916de48
Last affected
e9354b53665e2d313f07d48ce3d227cc61a068dc
Last affected
e93fdf6330e5cbf5eb0d2d2c9f0eb3d294b07f8a
Last affected
e941690b242b0cbf63baed95d067eaf94a231165
Last affected
e961c76a0bf81dbf7322fbd87fafc0642b6bef62
Last affected
e971b92d4a3b3ca5b60a15b8c34d2abbf4b4173c
Last affected
efe8f3f74de6f587edb2a73e18a7399ac41b5836
Last affected
f0799ceeb404cf7f7132cc85f075e1bd2648298d
Last affected
f0e3cbb8b6c066bb9ea8655cc70e2645a73526f0
Last affected
f2722bdbc60403300a033ee8091a2da31f7c90c1
Last affected
f444b33ee87d3745c3cea948549ec9ed07c8c9c4
Last affected
f535ab2c62d27b5922be490ad768535088599357
Last affected
f5751638dbd77136ce5c90e7d8bd090aa655c2a3
Last affected
f8f85eb9d193452473a188ea216cda5f38fb766e
Last affected
f94c1df85fb004bb35091da5cebe730589a409b8
Last affected
fa6f9e100476fbdd65495524616a0373edb24f87
Last affected
fabcd658d1124d9fbe5c7632ca89def06a6f8600
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c
Last affected
fc0bb37067fab35689dbf32684e5780fcc21aed0
Last affected
fd6e334f4a6275f3434cb3cedfc250a45c534b36
Last affected
fdbd854b79108745ee69f7052b080d82d5492469
Last affected
fdf1231f66a31514e8be129b7e6d5e91d8e5c99e

Affected versions

Other

NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE

php-5.*

php-5.3.11
php-5.3.11RC1
php-5.3.11RC2
php-5.3.12
php-5.3.14
php-5.3.14RC1
php-5.3.14RC2
php-5.3.15
php-5.3.15RC1
php-5.3.16
php-5.3.17
php-5.3.18
php-5.3.18RC1
php-5.3.19
php-5.3.19RC1
php-5.3.20
php-5.3.20RC1
php-5.3.21
php-5.3.21RC1
php-5.3.22
php-5.3.22RC1
php-5.3.22RC2
php-5.3.23
php-5.3.23RC1
php-5.3.24
php-5.3.24RC1
php-5.3.25
php-5.3.25RC1
php-5.3.26
php-5.3.26RC1
php-5.3.27
php-5.3.27RC1
php-5.3.28
php-5.3.29
php-5.3.29RC1
php-5.4.1
php-5.4.10
php-5.4.10RC1
php-5.4.11
php-5.4.11RC1
php-5.4.12
php-5.4.12RC1
php-5.4.12RC2
php-5.4.13
php-5.4.13RC1
php-5.4.14
php-5.4.14RC1
php-5.4.15
php-5.4.15RC1
php-5.4.16RC1
php-5.4.17
php-5.4.17RC1
php-5.4.18
php-5.4.18RC1
php-5.4.18RC2
php-5.4.1RC1
php-5.4.1RC2
php-5.4.20
php-5.4.20RC1
php-5.4.21
php-5.4.21RC1
php-5.4.22
php-5.4.22RC1
php-5.4.23
php-5.4.23RC1
php-5.4.24
php-5.4.24RC1
php-5.4.25
php-5.4.25RC1
php-5.4.26
php-5.4.26RC1
php-5.4.27
php-5.4.27RC1
php-5.4.28
php-5.4.28RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.34
php-5.4.35
php-5.4.37
php-5.4.38
php-5.4.39
php-5.4.4
php-5.4.41
php-5.4.42
php-5.4.43
php-5.4.44
php-5.4.45
php-5.4.4RC1
php-5.4.4RC2
php-5.4.5
php-5.4.5RC1
php-5.4.6
php-5.4.6RC1
php-5.4.7
php-5.4.7RC1
php-5.4.8
php-5.4.8RC1
php-5.4.9
php-5.4.9RC1
php-5.5.10
php-5.5.10RC1
php-5.5.11
php-5.5.11RC1
php-5.5.12
php-5.5.12RC1
php-5.5.13
php-5.5.13RC1
php-5.5.14
php-5.5.14RC1
php-5.5.18
php-5.5.18RC1
php-5.5.19
php-5.5.19RC1
php-5.5.2
php-5.5.20
php-5.5.20RC1
php-5.5.21
php-5.5.21RC1
php-5.5.22
php-5.5.22RC1
php-5.5.23
php-5.5.23RC1
php-5.5.24
php-5.5.24RC1
php-5.5.25
php-5.5.25RC1
php-5.5.26
php-5.5.26RC1
php-5.5.27
php-5.5.27RC1
php-5.5.28
php-5.5.29
php-5.5.30
php-5.5.31
php-5.5.32
php-5.5.33
php-5.5.34
php-5.5.35
php-5.5.36
php-5.5.37
php-5.5.4
php-5.5.7
php-5.5.7RC1
php-5.5.8
php-5.5.8RC1
php-5.5.9
php-5.5.9RC1
php-5.6.0alpha1
php-5.6.0alpha2
php-5.6.0alpha3
php-5.6.0beta1
php-5.6.1
php-5.6.10
php-5.6.10RC1
php-5.6.11
php-5.6.11RC1
php-5.6.12
php-5.6.12RC1
php-5.6.13
php-5.6.13RC1
php-5.6.14
php-5.6.14RC1
php-5.6.15
php-5.6.15RC1
php-5.6.16
php-5.6.16RC1
php-5.6.17
php-5.6.17RC1
php-5.6.18
php-5.6.18RC1
php-5.6.19
php-5.6.19RC1
php-5.6.1RC1
php-5.6.20
php-5.6.20RC1
php-5.6.21
php-5.6.21RC1
php-5.6.22
php-5.6.22RC1
php-5.6.23
php-5.6.23RC1
php-5.6.24
php-5.6.24RC1
php-5.6.25
php-5.6.25RC1
php-5.6.26
php-5.6.26RC1
php-5.6.27
php-5.6.27RC1

php-7.*

php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.10
php-7.0.10RC1
php-7.0.11
php-7.0.11RC1
php-7.0.12
php-7.0.12RC1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7478.json"