CVE-2017-5340

| Field | Value |
|---|---|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |

Description
It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized memory region and may thus be used to trick PHP into operating on faked objects and calling attacker-controlled destructor function pointers, effectively allowing arbitrary code execution via specially crafted serialized data.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-105 | php | 7.0.13-1 | 7.1.1-0 | High | Fixed | |


| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Jan 2017 | ASA-201701-28 | AVG-105 | php | High | multiple issues |

References
https://bugs.php.net/bug.php?id=73832