Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-4070

Опубликовано: 11 мар. 2016
Источник: redhat
CVSS3: 7.5
CVSS2: 4.3
EPSS Низкий

Описание

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpAffected
Red Hat Enterprise Linux 7phpAffected
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56FixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-php-pearFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php56FixedRHSA-2016:275015.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1323114php: Integer overflow in php_raw_url_encode

EPSS

Процентиль: 90%
0.0539
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-4070

CVSS3: 7.5
ubuntu
около 9 лет назад

** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."

nvd логотип

CVE-2016-4070

CVSS3: 7.5
nvd
около 9 лет назад

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not).

debian логотип

CVE-2016-4070

CVSS3: 7.5
debian
около 9 лет назад

Integer overflow in the php_raw_url_encode function in ext/standard/ur ...

github логотип

GHSA-h5h7-3865-j2r7

CVSS3: 7.5
github
около 3 лет назад

** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."

fstec логотип

BDU:2022-02553

CVSS3: 7.5
fstec
около 9 лет назад

Уязвимость функции php_raw_url_encode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 90%
0.0539
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2