Vigil@nce - PHP: multiple vulnerabilities
February 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, openSUSE, openSUSE Leap, PHP, Slackware.
Severity: 2/4.
Creation date: 08/12/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in PHP.
An attacker can create a memory leak via Spl Hash, in order to
trigger a denial of service. [severity:1/4]
An attacker can generate an integer overflow via Calendar, in
order to trigger a denial of service, and possibly to run code.
[severity:2/4]
An attacker can force the usage of a freed memory area via Zend
Allocator Management, in order to trigger a denial of service, and
possibly to run code. [severity:2/4; 73392]
An attacker can generate a memory corruption via PDO_Firebird
bindParam, in order to trigger a denial of service, and possibly
to run code. [severity:2/4; 61183, 71494, 73087]
An attacker can create a memory leak via wddx, in order to trigger
a denial of service. [severity:1/4; 73631, CVE-2016-9935]
An unknown vulnerability was announced via wddx. [severity:2/4;
73631, CVE-2016-9935]
An attacker can force the usage of a freed memory area via
unserialize(), in order to trigger a denial of service, and
possibly to run code. [severity:2/4; 72978, CVE-2016-9936]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/PHP-multiple-vulnerabilities-21327