CVE-2016-7480 : The SplObjectStorage unserialize implementation in ext/spl/spl

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

Published 2017-01-11 07:59:00

Updated 2022-07-20 16:47:05

Source Check Point Software Technologies Ltd.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2016-7480

PHP » PHP
Versions from including (>=) 7.0.0 and before (<) 7.0.11
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-7480

Top countries where our scanners detected CVE-2016-7480

Top open port discovered on systems with this issue 80

IPs affected by CVE-2016-7480 8,340

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-7480!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-7480

EPSS FAQ

2.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7480

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-7480

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7480

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

Check Point discovers three Zero-Day Vulnerabilities in web programming language PHP 7 - Check Point Software
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/95152

PHP CVE-2016-7480 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

Exploit;Technical Description;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20180112-0001/

September 2017 PHP Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://www.youtube.com/watch?v=LDcaPstAuPk

YouTube
Broken Link;Third Party Advisory

CVEs referencing this url
https://bugs.php.net/bug.php?id=73257

PHP :: Sec Bug #73257 :: pointer to uninitialized memory passed to unserialize
Issue Tracking;Patch;Vendor Advisory
https://github.com/php/php-src/commit/61cdd1255d5b9c8453be71aacbbf682796ac77d4

Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows u… · php/php-src@61cdd12 · GitHub
Patch;Third Party Advisory
http://php.net/ChangeLog-7.php

PHP: PHP 7 ChangeLog
Release Notes;Vendor Advisory

CVEs referencing this url

Jump to