CVE-2017-12932

Source
https://cve.org/CVERecord?id=CVE-2017-12932
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12932.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-12932
Published
2017-08-18T03:29:00.183Z
Modified
2026-05-07T21:09:37.669460Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.1.8:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "last_affected": "7.0.9"
        },
        {
            "last_affected": "7.0.10"
        },
        {
            "last_affected": "7.0.11"
        },
        {
            "last_affected": "7.0.12"
        },
        {
            "last_affected": "7.0.13"
        },
        {
            "last_affected": "7.0.14"
        },
        {
            "last_affected": "7.0.15"
        },
        {
            "last_affected": "7.0.16"
        },
        {
            "last_affected": "7.0.17"
        },
        {
            "last_affected": "7.0.18"
        },
        {
            "last_affected": "7.0.19"
        },
        {
            "last_affected": "7.0.20"
        },
        {
            "last_affected": "7.0.21"
        },
        {
            "last_affected": "7.0.22"
        },
        {
            "last_affected": "7.1.0"
        },
        {
            "last_affected": "7.1.1"
        },
        {
            "last_affected": "7.1.2"
        },
        {
            "last_affected": "7.1.3"
        },
        {
            "last_affected": "7.1.4"
        },
        {
            "last_affected": "7.1.5"
        },
        {
            "last_affected": "7.1.6"
        },
        {
            "last_affected": "7.1.7"
        },
        {
            "last_affected": "7.1.8"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12932.json"