Multiple vulnerabilities in PHP



Published: 2016-07-22
Risk High
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2016-5114
CVE-2016-5095
CVE-2016-3132
CVE-2015-8935
CVE-2016-6296
CVE-2016-6297
CVE-2016-5399
CVE-2016-6290
CWE-ID CWE-200
CWE-416
CWE-401
CWE-119
CWE-476
Exploitation vector Network
Public exploit Public exploit code for vulnerability #15 is available.
Vulnerable software
PHP
Universal components / Libraries / Scripting languages

macOS
Operating systems & Components / Operating system

Oracle Linux
Operating systems & Components / Operating system

Vendor PHP Group
Apple Inc.
Oracle

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

This security bulletin describes multiple vulnerabilities in PHP, which can be exploited to disclose potentially sensitive information, cause denial of service and remotely execute arbitrary code on the target system.

1) A read/write access error in gdImageTrueColorToPaletteBody()

EUVDB-ID: #VU225

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5114

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose potentially sensitive information.

The vulnerability exists because the gdImageTrueColorToPaletteBody() function does not check for negative transparent colors while converting the image. A remote unauthenticated attacker can cause a read/write access error in gdImageTrueColorToPaletteBody().

Successful exploitation of this vulnerability may lead to arbitrary NULL-byte write and disclosure of potentially sensitive data.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72512
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) An out-of-bounds access error in imagegif/output

EUVDB-ID: #VU224

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5095

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause information disclosure.

The vulnerability exists due to an error in the imagegif/output function in the gd_gif_out.c file that causes an out-of-bounds read of the masks array when ctx->cur_bits becomes a negative number. A remote unauthenticated attacker can cause an out-of-bounds access error in imagegif/output.

Successful exploitation of this vulnerability may result in information disclosure.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72519
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) A use-after-free error in MBString

EUVDB-ID: #VU223

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3132

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free memory error in MBString. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72399
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) An out-of-bounds read error in mb_ereg_replace - mbc_to_code

EUVDB-ID: #VU222

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8935

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose potentially sensitive information.

The vulnerability exists because the mbc_to_code function performs an out-of-bounds access if the pattern is shorter than 6 characters. A remote unauthenticated attacker can cause an out-of-bounds read error in mb_ereg_replace - mbc_to_code.

Successful exploitation of this vulnerability may result in memory corruption and disclosure of memory contents.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72405
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap overflow in simplestring_addn()

EUVDB-ID: #VU221

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6296

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow in the simplestring_addn() function ('simplestring.c') within the XMLRPC component. A remote unauthenticated attacker can cause a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

macOS: 15.0.0 - 15.6.0

External links

http://bugs.php.net/bug.php?id=72606
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9
http://support.apple.com/en-us/HT207170


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow in php_stream_zip_opener()

EUVDB-ID: #VU220

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6297

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the php_stream_zip_opener() function, which fails to check the path_len argument. A remote unauthenticated attacker can cause an integer overflow in php_stream_zip_opener() and corrupt memory.

Successful exploitation of this vulnerability may lead to remote code execution.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

macOS: 15.0.0 - 15.6.0

External links

http://bugs.php.net/bug.php?id=72520
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9
http://support.apple.com/en-us/HT207170


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow in proc_open()

EUVDB-ID: #VU219

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the "_php_array_to_envp()" function within the "ext\standard\proc_open.c" file. A remote unauthenticated attacker can cause a heap-based buffer overflow in proc_open() while processing the '$env' parameter in the PCRE component.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72306
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) A cast error in mdecrypt_generic()

EUVDB-ID: #VU218

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a cast error within the mdecrypt_generic() function. A remote unauthenticated attacker can cause a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72551
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow in ps_files_cleanup_dir()

EUVDB-ID: #VU213

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in ps_files_cleanup_dir() function. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72531
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) An out-of-bounds read in locale_accept_from_http()

EUVDB-ID: #VU212

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose potentially sensitive information.

The vulnerability exists due to an out-of-bounds read in locale_accept_from_http() function. A remote unauthenticated attacker can read system memory outside the allocated buffer.

Successful exploitation of this vulnerability may result in sensitive information disclosure.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72533
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer overflow in _gdContributionsAlloc()

EUVDB-ID: #VU211

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause an integer overflow.

The vulnerability exists due to an integer overflow in the "_gdContributionsAlloc()" function. This vulnerability can be exploited to cause an out-of-bounds memory write access.

Successful exploitation of this vulnerability may result in denial of service.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72558
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference in exif_process_user_comment()

EUVDB-ID: #VU210

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to a NULL pointer dereference error in the "exif_process_user_comment()" function. A remote unauthenticated attacker can cause a denial of service when the function tries to encode a JIS string.

Successful exploitation of this vulnerability may result in a crash of a worker process.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/72618
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) An out-of-bounds read in exif_process_IFD_in_MAKERNOTE()

EUVDB-ID: #VU209

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose potentially sensitive information.

The vulnerability exists due to an out-of-bounds read error in exif_process_IFD_in_MAKERNOTE() function. A remote unauthenticated attacker can gain access to potentially sensitive data.

Successful exploitation of this vulnerability may lead to information leak or memory corruption.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72603
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) A heap-based overflow in curl

EUVDB-ID: #VU208

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow in curl library. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (7.0.9).

Vulnerable software versions

PHP: 7.0.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72541
http://php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write in bzread()

EUVDB-ID: #VU207

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-5399

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect error handling in bzread() function. A remote unauthenticated attacker can cause buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

Oracle Linux: 7

External links

http://bugs.php.net/bug.php?id=72613
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Type confusion error in php_bz2_filter_create()

EUVDB-ID: #VU206

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the php_bz2_filter_create() function. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (5.6.24).

Vulnerable software versions

PHP: 5.6.0 - 5.6.23

External links

http://bugs.php.net/bug.php?id=72447
http://php.net/ChangeLog-5.php#5.6.24


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free error in unserialize()

EUVDB-ID: #VU205

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6290

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error in the unserialize() function. A remote unauthenticated attacker can cause memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

macOS: 15.0.0 - 15.6.0

External links

http://bugs.php.net/bug.php?id=72562
http://php.net/ChangeLog-5.php#5.5.38
http://php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-7.php#7.0.9
http://support.apple.com/en-us/HT207170


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Integer overflow in virtual_file_ex()

EUVDB-ID: #VU204

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the path_length variable in the virtual_file_ex() function. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72513
http://php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.9
http://php.net/ChangeLog-5.php#5.5.38


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Integer overflow in ZVAL processing

EUVDB-ID: #VU203

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing string-typed ZVAL. A remote unauthenticated attacker can cause an integer overflow during ZVAL processing.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 7.0.8

External links

http://bugs.php.net/bug.php?id=72403
http://www.php.net/ChangeLog-5.php#5.6.24
http://php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-7.php#7.0.9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow in php_url_parse_ex()

EUVDB-ID: #VU202

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow error in php_url_parse_ex() function. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install the latest version: (5.5.38).

Vulnerable software versions

PHP: 5.5.0 - 5.5.37

External links

http://bugs.php.net/bug.php?id=70480
http://php.net/ChangeLog-5.php#5.5.38


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
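
Triage helper for the version ranges above (an added example, not part of the original bulletin): it maps an upstream PHP version to the numbered items that apply, and shows why comparing against the printed range "5.5.0 - 7.0.8" alone wrongly flags the fixed 5.5.38 and 5.6.24 releases. Function names are illustrative; the code assumes upstream version numbers and cannot judge distribution packages that backport fixes without changing the version.

```python
import re

# Fixed release per branch, taken from the bulletin's "Mitigation" lines.
FIXED = {(5, 5): (5, 5, 38), (5, 6): (5, 6, 24), (7, 0): (7, 0, 9)}

# Bulletin item numbers grouped by the "Vulnerable software versions" range
# printed for them: (lowest affected, highest affected, item numbers).
RANGES = [
    ((5, 5, 0), (7, 0, 8), [1, 2, 5, 6, 10, 11, 12, 13, 15, 17, 18, 19]),
    ((7, 0, 0), (7, 0, 8), [3, 4, 7, 8, 9, 14]),
    ((5, 6, 0), (5, 6, 23), [16]),
    ((5, 5, 0), (5, 5, 37), [20]),
]


def parse_version(text):
    """Return (major, minor, patch) from '5.6.23' or '7.0.8-suffix'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a PHP version: {text!r}")
    return tuple(int(g) for g in m.groups())


def naive_items(version):
    """Range-only comparison. Over-reports: 5.5.38 and 5.6.24 sort inside
    '5.5.0 - 7.0.8' even though they are the fixed releases."""
    v = parse_version(version)
    return sorted(i for lo, hi, items in RANGES if lo <= v <= hi for i in items)


def affected_items(version):
    """Items of this bulletin that apply to an upstream PHP version.
    A version at or above its branch's fixed release is reported as clean."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is not None and v >= fixed:
        return []
    return naive_items(version)


def upgrade_target(version):
    """Fixed release for the version's branch, or None if the bulletin
    names no fix for that branch."""
    fixed = FIXED.get(parse_version(version)[:2])
    return ".".join(map(str, fixed)) if fixed else None


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bulletin.
    for ver in ["5.5.37", "5.6.23", "5.6.24", "7.0.8-1+build1", "7.0.9"]:
        items = affected_items(ver)
        status = f"affected by items {items}" if items else "not affected"
        print(f"{ver}: {status}; fixed release for branch: {upgrade_target(ver)}")
```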


