CVE-2016-9138

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9138
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9138.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9138
Downstream
Related
Published
2017-01-04T20:59:00.433Z
Modified
2026-01-30T02:48:42.732824Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::__wakeup.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Last affected
140e2adb5ab8a5ed0624366c0416f07b8aa17254
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Last affected
da12ca9c1ed03084e6803f5e81e46f2e0a80460a
Last affected
e09845d32614a19188632f410316478fbb440ebd
Last affected
e2874f7bf990ed58ba6f7abccefa2c00a0447fc7
Last affected
e42bdcb7aa74c7846b984ef25462780ed135103f
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c

Affected versions

Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1
php-5.6.27
php-5.6.27RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.10
php-7.0.10RC1
php-7.0.11
php-7.0.11RC1
php-7.0.12
php-7.0.12RC1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9138.json"