CVE-2016-5773

CVE-2016-5773

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

Source: CVE-2016-5773

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다