Launchpad.net

CVE 2016-7417

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

Related bugs and status

CVE-2016-7417 (Candidate) is related to these bugs:

Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable

Summary				In	Importance	Status
	1641211	Please merge php7.0 7.0.12-2 from Debian unstable		php7.0 (Ubuntu)	Undecided	Fix Released

Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)

		In	Importance	Status
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Yakkety)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-7417

Related bugs and status

Related bugs

References