CVE-2016-5873

Опубликовано: 23 янв. 2017

Источник: debian

EPSS Низкий

Описание

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
php-pecl-http	fixed	3.0.1-0.1		package
php-pecl-http	not-affected		jessie	package

Примечания

https://bugs.php.net/bug.php?id=71719
https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def

EPSS

Процентиль: 89%

0.04743

Низкий

Связанные уязвимости

CVE-2016-5873

CVSS3: 9.8

ubuntu

около 9 лет назад

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.

CVE-2016-5873

CVSS3: 9.8

nvd

около 9 лет назад

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.

GHSA-fwhg-hgwv-c646

CVSS3: 9.8

github

больше 3 лет назад

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.

EPSS

Процентиль: 89%

0.04743

Низкий