Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-4539

Опубликовано: 22 мая 2016
Источник: debian

Описание

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.0fixed7.0.6-1package
php5fixed5.6.21+dfsg-1package
hhvmfixed3.12.11+dfsg-1package

Примечания

  • https://bugs.php.net/bug.php?id=72099

  • https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc

  • Fixed in 7.0.6, 5.6.21, 5.5.35

  • https://www.openwall.com/lists/oss-security/2016/05/05/21

  • HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015

Связанные уязвимости

ubuntu логотип

CVE-2016-4539

CVSS3: 9.8
ubuntu
больше 9 лет назад

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

redhat логотип

CVE-2016-4539

redhat
больше 9 лет назад

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

nvd логотип

CVE-2016-4539

CVSS3: 9.8
nvd
больше 9 лет назад

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

github логотип

GHSA-649r-6cpm-mqpp

CVSS3: 9.8
github
больше 3 лет назад

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

fstec логотип

BDU:2016-01437

fstec
больше 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие