Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6294

Опубликовано: 25 июл. 2016
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Средний

Описание

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия до 5.5.37 (включая)
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.10423
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2016-6294

CVSS3: 9.8
ubuntu
почти 9 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

redhat логотип

CVE-2016-6294

CVSS3: 4.4
redhat
почти 9 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

debian логотип

CVE-2016-6294

CVSS3: 9.8
debian
почти 9 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods ...

github логотип

GHSA-m629-55p3-x5vv

CVSS3: 9.8
github
около 3 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

fstec логотип

BDU:2022-02466

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость функции locale_accept_from_http (ext/intl/locale/locale_methods.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 93%
0.10423
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-125