CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Published: Aug 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-5773
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
php / php	5.6.1	5.6.1.x
php / php	5.6.0-alpha5	5.6.0-alpha5.x
php / php	5.6.5	5.6.5.x
php / php	7.0.4	7.0.4.x
php / php	5.6.12	5.6.12.x
php / php	5.6.13	5.6.13.x
php / php	5.6.0-beta2	5.6.0-beta2.x
php / php	5.6.0-beta1	5.6.0-beta1.x
php / php	5.6.4	5.6.4.x
php / php	7.0.3	7.0.3.x
php / php	5.6.6	5.6.6.x
php / php	7.0.1	7.0.1.x
php / php	5.6.0-alpha3	5.6.0-alpha3.x
php / php	5.6.18	5.6.18.x
php / php	5.6.11	5.6.11.x
php / php	5.6.2	5.6.2.x
php / php	5.6.10	5.6.10.x
php / php	5.6.0-beta3	5.6.0-beta3.x
php / php	5.6.7	5.6.7.x
php / php	7.0.7	7.0.7.x
php / php	5.6.0-beta4	5.6.0-beta4.x
php / php	5.6.21	5.6.21.x
php / php	5.6.15	5.6.15.x
php / php	5.6.20	5.6.20.x
php / php	7.0.2	7.0.2.x
php / php	5.6.0-alpha2	5.6.0-alpha2.x
php / php	5.6.17	5.6.17.x
php / php	5.6.16	5.6.16.x
php / php	5.6.23	5.6.23.x
php / php	5.6.9	5.6.9.x
php / php	5.6.0-alpha1	5.6.0-alpha1.x
php / php	7.0.5	7.0.5.x
php / php	5.6.3	5.6.3.x
php / php	7.0.0	7.0.0.x
php / php	7.0.6	7.0.6.x
php / php	5.6.8	5.6.8.x
php / php	5.6.22	5.6.22.x
php / php	-	5.5.36.x
php / php	5.6.14	5.6.14.x
php / php	5.6.19	5.6.19.x
php / php	5.6.0-alpha4	5.6.0-alpha4.x

Vulnerability Database

289,599

CVE-2016-5773