CVE-2018-15503

Published: Aug 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/swoole/swoole-src/issues/1882

x_refsource_MISC

https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76

x_refsource_MISC

https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-15503

Description

Affected Products

References