CVE-2016-3141

Published: 31 Mar 2016
Source: debian
EPSS: Medium

Description

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

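Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| php5 | fixed | 5.6.19+dfsg-1 | | package |
| php5 | fixed | 5.6.19+dfsg-0+deb8u1 | jessie | package |
| php5 | no-dsa | | wheezy | package |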

Notes

  • https://bugs.php.net/bug.php?id=71587

  • Fixed in 5.5.33, 5.6.19

  • https://www.openwall.com/lists/oss-security/2016/03/10/5

  • https://www.openwall.com/lists/oss-security/2016/03/13/1

EPSS

Percentile: 97%
Score: 0.40685
Rating: Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 9 years ago

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

redhat
more than 9 years ago

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

CVSS3: 9.8
nvd
more than 9 years ago

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

CVSS3: 9.8
github
more than 3 years ago

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

fstec
more than 9 years ago

A vulnerability in the PHP interpreter that allows an attacker to cause a denial of service or have other impact
