Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-1904

Опубликовано: 19 янв. 2016
Источник: debian
EPSS Низкий

Описание

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5not-affectedpackage
php5.6not-affectedpackage
php7.0fixed7.0.2-1package

Примечания

  • Already using safe_emalloc() in php_escape_shell_cmd()

  • https://bugs.php.net/bug.php?id=71270

  • https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b

EPSS

Процентиль: 53%
0.00303
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-1904

CVSS3: 7.3
ubuntu
больше 9 лет назад

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

redhat логотип

CVE-2016-1904

redhat
больше 9 лет назад

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

nvd логотип

CVE-2016-1904

CVSS3: 7.3
nvd
больше 9 лет назад

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

github логотип

GHSA-hmwm-ccmh-23mq

CVSS3: 7.3
github
больше 3 лет назад

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

fstec логотип

BDU:2016-00386

fstec
больше 9 лет назад

Уязвимости интерпретатора PHP, позволяющие нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 53%
0.00303
Низкий