Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-4073

Опубликовано: 20 мая 2016
Источник: debian
EPSS Средний

Описание

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.0fixed7.0.5-1package
php5fixed5.6.20+dfsg-1package

Примечания

  • Fixed in 7.0.5, 5.6.20, 5.5.34

  • https://bugs.php.net/bug.php?id=71906

  • https://gist.github.com/smalyshev/d8355c96a657cc5dba70

  • https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1

  • https://www.openwall.com/lists/oss-security/2016/04/11/7

EPSS

Процентиль: 93%
0.11044
Средний

Связанные уязвимости

ubuntu логотип

CVE-2016-4073

CVSS3: 9.8
ubuntu
около 9 лет назад

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

redhat логотип

CVE-2016-4073

CVSS3: 4.5
redhat
около 9 лет назад

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

nvd логотип

CVE-2016-4073

CVSS3: 9.8
nvd
около 9 лет назад

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

github логотип

GHSA-3fjc-9f6x-jrfx

CVSS3: 9.8
github
около 3 лет назад

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

fstec логотип

BDU:2016-01444

fstec
около 9 лет назад

Уязвимости интерпретатора PHP и операционной системы Mac OS X, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 93%
0.11044
Средний