Critical severity9.8NVD Advisory· Published Aug 18, 2017· Updated Jun 17, 2026
CVE-2017-12933
CVE-2017-12933
Description
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.6.30
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
- (no CPE)range: <5.6.31, <7.0.21, <7.1.7
- osv-coords9 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 5.3.17-112.5.1+ 8 more
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.5.14-109.8.2
- (no CPE)range: < 5.5.14-109.8.2
- (no CPE)range: < 5.5.14-109.8.2
- (no CPE)range: < 7.0.7-50.18.1
- (no CPE)range: < 7.0.7-50.18.1
- (no CPE)range: < 7.0.7-50.18.1
Patches
Vulnerability mechanics
References
9- php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/99490nvdThird Party AdvisoryVDB Entry
- bugs.php.net/bug.phpnvdVendor Advisory
- access.redhat.com/errata/RHSA-2018:1296nvd
- usn.ubuntu.com/3566-1/nvd
- usn.ubuntu.com/3566-2/nvd
- www.debian.org/security/2018/dsa-4080nvd
- www.debian.org/security/2018/dsa-4081nvd
News mentions
0No linked articles in our index yet.