Description Preview
The identified vulnerability is a use-after-free issue that exists in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x versions prior to 7.0.1. This vulnerability can be exploited by remote attackers to cause a denial of service (application crash) or possibly have unspecified other impacts by leveraging the relationships between a key buffer and a destroyed array.
Overview
The vulnerability is a use-after-free issue that exists in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x versions prior to 7.0.1. This issue can be exploited by remote attackers to cause a denial of service (application crash) or possibly have unspecified other impacts. The vulnerability was made public on 2015-12-07 and the information was updated on 2016-01-19.
Remediation
Users of affected PHP versions are advised to upgrade to PHP 7.0.1 or later to mitigate this vulnerability. It is always recommended to keep your software up-to-date to prevent such vulnerabilities.
References
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Educational ServicesEducational Services
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
