{"id":"CVE-2017-12932","details":"ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.","modified":"2026-05-07T21:09:37.669460Z","published":"2017-08-18T03:29:00.183Z","related":["SUSE-SU-2017:2468-1"],"references":[{"type":"ADVISORY","url":"http://php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100427"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-21"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180112-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4080"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=74103"},{"type":"FIX","url":"https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"90fc27f17abb5cb9c7006987fe53b62d66f981a7"},{"last_affected":"926586279794d47ee26dde7d6e0c0cdc2dd42f1c"},{"last_affected":"a0a2b2d3607501030fc4217ff103cb3ff9342726"},{"last_affected":"62b8c4246a1004a17a36493920c21780e6a280f2"},{"last_affected":"28e985f7ee394ec4c078880703376e0efbb8385d"},{"last_affected":"5399faae55c0a2a6e26285cb1cced73aa4b5bfde"},{"last_affected":"3c84adde7d778b1e8ff1169ef1085f204d182fb3"},{"last_affected":"5dc2490b91726870559d6d0603876468a82f9ff1"},{"last_affected":"3ee57eb83fa17b74d910d1f9049e2d2242cf6888"},{"last_affected":"c86338a35cda8514c8d2f38e62808f9bcfe0e4cb"},{"last_affected":"435c184838dea299e9cdaff04427537ff12e5e3a"},{"last_affected":"6f40cd7e4f43715369d80886e78de7bcbbebafca"},{"last_affected":"b65bd2a2640a2145040f56ba2822af37da601106"},{"last_affected":"7dcf57b4c35d771df8457204d8de9d38f929802e"},{"last_affected":"77ac36eb50b715b1671d610660f6807a4b5caf80"},{"last_affected":"fc41ee7332e6358eda2bacea8a0debd4e1f1323f"},{"last_affected":"0374cfe080227a92b74cf5a0b440f2330a1d90e6"},{"last_affected":"90480d5a975c7f09adaf9b77b7b13f24c09d1efa"},{"last_affected":"2f62ca5075beb64c07522eda45dd6c1265d76625"},{"last_affected":"e1bc2a7fb10f6f620d6ea24191333fd9c25e9e0e"},{"last_affected":"e41045ec9b146f10937ee3c27134c30d5ccf36f8"},{"last_affected":"ebb400fed6feb77420fafaca6847d40d3207e71d"},{"last_affected":"88b0cf95a6dcd29ee1b0e74fc83df4c45976f1a7"},{"last_affected":"e9a9f955fad5bf522bc4a4ada651586fb272ebfd"},{"last_affected":"4274ad3a4aaea624920305289b06a6242007bf5e"},{"last_affected":"d7d382174fa8c394aa942d293e20e34967591a5c"},{"last_affected":"a9b523ebafb703e03a7d9cdf6cab3076b5c33af8"},{"last_affected":"bd7378e6fdc8b30a00aa14ce303185c7d337eb20"},{"last_affected":"f7eb1aba9e3a2b4d5dc0f287e36ac567ddb8f73c"},{"last_affected":"c8bffc54faea447150015775df3369113447a066"},{"last_affected":"eafe83aa5b7382c990764b41f99701ef502ed267"},{"last_affected":"4abbaf06f10761efe96e58ab112efbe591f75bca"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"7.0.0"},{"last_affected":"7.0.1"},{"last_affected":"7.0.2"},{"last_affected":"7.0.3"},{"last_affected":"7.0.4"},{"last_affected":"7.0.5"},{"last_affected":"7.0.6"},{"last_affected":"7.0.7"},{"last_affected":"7.0.8"},{"last_affected":"7.0.9"},{"last_affected":"7.0.10"},{"last_affected":"7.0.11"},{"last_affected":"7.0.12"},{"last_affected":"7.0.13"},{"last_affected":"7.0.14"},{"last_affected":"7.0.15"},{"last_affected":"7.0.16"},{"last_affected":"7.0.17"},{"last_affected":"7.0.18"},{"last_affected":"7.0.19"},{"last_affected":"7.0.20"},{"last_affected":"7.0.21"},{"last_affected":"7.0.22"},{"last_affected":"7.1.0"},{"last_affected":"7.1.1"},{"last_affected":"7.1.2"},{"last_affected":"7.1.3"},{"last_affected":"7.1.4"},{"last_affected":"7.1.5"},{"last_affected":"7.1.6"},{"last_affected":"7.1.7"},{"last_affected":"7.1.8"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.7:*:*:*:*:*:*:*","cpe:2.3:a:php:php:7.1.8:*:*:*:*:*:*:*"]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12932.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}