Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP zip扩展释放后重用漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。zip是其中的一个用于读取或写入ZIP压缩档案的扩展。 PHP中的zip扩展中的php_zip.c文件中存在安全漏洞,该漏洞源于并形化实现过程与垃圾回收存在不正确的互交。远程攻击者可借助包含ZipArchive对象的串形化数据利用该漏洞执行任意代码,或造成拒绝服务(释放后重用和应用程序崩溃)。以下版本受到影响:PHP 5.5.37之前的版本,5.
CVSS Information
N/A
Vulnerability Type
N/A