{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "7.0.0" }, { "introduced": "0" }, { "last_affected": "7.0.1" }, { "introduced": "0" }, { "last_affected": "7.0.2" }, { "introduced": "0" }, { "last_affected": "7.0.3" }, { "introduced": "0" }, { "last_affected": "7.0.4" }, { "introduced": "0" }, { "last_affected": "7.0.5" }, { "introduced": "0" }, { "last_affected": "7.0.6" }, { "introduced": "0" }, { "last_affected": "7.0.7" }, { "introduced": "0" }, { "last_affected": "7.0.8" }, { "introduced": "0" }, { "last_affected": "7.0.9" }, { "introduced": "0" }, { "last_affected": "7.0.10" }, { "introduced": "0" }, { "last_affected": "7.0.11" }, { "introduced": "0" }, { "last_affected": "7.0.12" }, { "introduced": "0" }, { "last_affected": "7.0.14" }, { "introduced": "0" }, { "last_affected": "7.1.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "60fffd296abce5fc071f3c173c25a2696cf683c6" }, { "introduced": "0" }, { "last_affected": "4054ec69da7631046f19d54ab06f09728a208b8b" }, { "introduced": "0" }, { "last_affected": "038c63cdea0472176ec2fdb162cfbd96e8c5f83e" }, { "introduced": "0" }, { "last_affected": "4e1b8701573698f56e12672e4991d7e6239138d2" }, { "introduced": "0" }, { "last_affected": "e09845d32614a19188632f410316478fbb440ebd" }, { "introduced": "0" }, { "last_affected": "249a8fd9ae2324c84ede7ecfca6f6026e6d87df6" }, { "introduced": "0" }, { "last_affected": "734a5fca2c4731e34eca551f28be9a10ffc3f3c9" }, { "introduced": "0" }, { "last_affected": "fb59213fc461f079bc218abf44cb5e2b4db2182c" }, { "introduced": "0" }, { "last_affected": "a36407215f69ba2debf77933dcb3faa0c3ba2d04" }, { "introduced": "0" }, { "last_affected": "9d582eba7448f1495fae62b13d95d2844ce6b28a" }, { "introduced": "0" }, { "last_affected": "da12ca9c1ed03084e6803f5e81e46f2e0a80460a" }, { "introduced": "0" }, { "last_affected": "e2874f7bf990ed58ba6f7abccefa2c00a0447fc7" }, { "introduced": "0" }, { "last_affected": "140e2adb5ab8a5ed0624366c0416f07b8aa17254" }, { "introduced": "0" }, { "last_affected": "94933677a34de91b54ecd3cbe44770b7c204dc8a" }, { "introduced": "0" }, { "last_affected": "0221e9f827632942225586687a33cfd554860d5e" } ], "repo": "https://github.com/php/php-src", "type": "GIT" } ] } ], "details": "In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.", "id": "CVE-2016-7479", "modified": "2026-03-11T13:49:42.279607950Z", "published": "2017-01-12T00:59:00.140Z", "references": [ { "type": "WEB", "url": "http://www.securitytracker.com/id/1037659" }, { "type": "WEB" }, { "type": "ADVISORY", "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/95151" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "type": "REPORT", "url": "https://bugs.php.net/bug.php?id=73092" }, { "type": "ARTICLE", "url": "https://www.youtube.com/watch?v=LDcaPstAuPk" }, { "type": "EVIDENCE", "url": "http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }