{"id":"CVE-2016-7124","details":"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.","modified":"2026-04-11T05:00:43.673560Z","published":"2016-09-12T01:59:02.287Z","related":["SUSE-SU-2016:2328-1","SUSE-SU-2016:2408-1","SUSE-SU-2016:2459-1","SUSE-SU-2016:2460-1","SUSE-SU-2016:2460-2"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/92756"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036680"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2016-19"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2750.html"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201611-22"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=72663"},{"type":"FIX","url":"https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2016/09/02/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"introduced":"0"},{"last_affected":"4054ec69da7631046f19d54ab06f09728a208b8b"},{"introduced":"0"},{"last_affected":"038c63cdea0472176ec2fdb162cfbd96e8c5f83e"},{"introduced":"0"},{"last_affected":"4e1b8701573698f56e12672e4991d7e6239138d2"},{"introduced":"0"},{"last_affected":"e09845d32614a19188632f410316478fbb440ebd"},{"introduced":"0"},{"last_affected":"249a8fd9ae2324c84ede7ecfca6f6026e6d87df6"},{"introduced":"0"},{"last_affected":"734a5fca2c4731e34eca551f28be9a10ffc3f3c9"},{"introduced":"0"},{"last_affected":"fb59213fc461f079bc218abf44cb5e2b4db2182c"},{"introduced":"0"},{"last_affected":"a36407215f69ba2debf77933dcb3faa0c3ba2d04"},{"introduced":"0"},{"last_affected":"9d582eba7448f1495fae62b13d95d2844ce6b28a"},{"introduced":"0"},{"last_affected":"38980c9ea4156ce52a53f9f3e1007ea3d787fa11"},{"fixed":"20ce2fe8e3c211a42fee05a461a5881be9a8790e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.0"},{"introduced":"0"},{"last_affected":"7.0.1"},{"introduced":"0"},{"last_affected":"7.0.2"},{"introduced":"0"},{"last_affected":"7.0.3"},{"introduced":"0"},{"last_affected":"7.0.4"},{"introduced":"0"},{"last_affected":"7.0.5"},{"introduced":"0"},{"last_affected":"7.0.6"},{"introduced":"0"},{"last_affected":"7.0.7"},{"introduced":"0"},{"last_affected":"7.0.8"},{"introduced":"0"},{"last_affected":"7.0.9"},{"introduced":"0"},{"last_affected":"5.6.24"}]}}],"versions":["POST_64BIT_BRANCH_MERGE","POST_AST_MERGE","POST_PHP7_NSAPI_REMOVAL","POST_PHP7_REMOVALS","POST_PHPNG_MERGE","PRE_64BIT_BRANCH_MERGE","PRE_AST_MERGE","PRE_PHP7_EREG_MYSQL_REMOVALS","PRE_PHP7_NSAPI_REMOVAL","PRE_PHP7_REMOVALS","php-5.6.24","php-5.6.24RC1","php-7.0.0","php-7.0.0RC1","php-7.0.0RC2","php-7.0.0RC3","php-7.0.0RC4","php-7.0.0RC5","php-7.0.0RC6","php-7.0.0RC7","php-7.0.0RC8","php-7.0.0alpha1","php-7.0.0alpha2","php-7.0.0beta1","php-7.0.0beta2","php-7.0.0beta3","php-7.0.1","php-7.0.10RC1","php-7.0.1RC1","php-7.0.2","php-7.0.2RC1","php-7.0.3","php-7.0.4","php-7.0.4RC1","php-7.0.5","php-7.0.5RC1","php-7.0.6","php-7.0.6RC1","php-7.0.7","php-7.0.7RC1","php-7.0.8","php-7.0.8RC1","php-7.0.9","php-7.0.9RC1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","target":{"file":"ext/standard/var_unserializer.c"},"digest":{"threshold":0.9,"line_hashes":["169849720921714996838282264204312771661","180463871628457325660869400684958788254","301713948484354595382149779914294234729","155950694156038132290118533730662272199","333923463304415863502901611294588587148","296795836952294933869272584514427590032","204823138445432280428496205289403694673","64707571472168145927339570475975333396","266863753961195188763357913713176954006","158769509675285144916651430253595575655","294273554692102979811096774751784143628","49358624513085274802117443557708297915","13937495902180270613518050066130079438","242621266573895990135367668685545687806","294895318309561499038485170654422467621","55368886392051895250425902248938507421","202738099425109652598607823093343010405","270359945965553451130210788877821793793","178074408190174776173054644083240984052","161004201992794952905922455376028032402","256443442956102980253156176491481909713","245156234079906997965178134905212056543","38357063647905450980830399792084476926","297841208556428107634182733912843380320","105601260468247641837079922593086233311","229214502789678528166892145626691965228","165085412075416482056254437518569326156","15810064649009299559749305424076231835","338571307469031367281234957284209074078","198399784374333060432827075156526932948","117342263726605245591362162018137668876","209014482270567659290677305826989128386","81569701171309797811578687876468003129","77560458730927188653033843356675103247","146209983029143421467665555168806545790","94572186954339866726967878204384221426","48321779110189459160257381918145830744","24754866100800727073637253209802501961","27149534096773654746749185512571174272","3168590509649118442290998957538160696","134950658922458088599097211667340242239","311073493313700680847037036467860277806","334247954186085663886773938172028615327","8124929253644059898413828152640482438","315023259646954472987244596244082972809","227625791871056898776791685398078142953","267213367295735964003018920669378865431","230315145720989861748229744962122530726","298424571832229827021382577509442569886","49754869983761234541136207887283096280","181924548937547694667614051998031366443","323370582964872018925716694505996117272","332552104211924362678298058775402743683"]},"id":"CVE-2016-7124-130dd5fc","source":"https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e","deprecated":false},{"signature_type":"Function","signature_version":"v1","target":{"function":"php_var_unserialize_internal","file":"ext/standard/var_unserializer.c"},"digest":{"length":17257,"function_hash":"251453263869907950829270780707514998499"},"id":"CVE-2016-7124-cb740059","source":"https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e","deprecated":false}],"vanir_signatures_modified":"2026-04-11T05:00:43Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7124.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}