Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5399

Опубликовано: 18 июл. 2016
Источник: redhat
CVSS3: 8.1
CVSS2: 5.1
EPSS Средний

Описание

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 8bzip2Not affected
Red Hat Enterprise Linux 8phpNot affected
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Enterprise Linux 7phpFixedRHSA-2016:259803.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56FixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2016:275015.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-390
https://bugzilla.redhat.com/show_bug.cgi?id=1358395php: Improper error handling in bzread()

EPSS

Процентиль: 95%
0.18733
Средний

8.1 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5399

CVSS3: 7.8
ubuntu
около 8 лет назад

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

nvd логотип

CVE-2016-5399

CVSS3: 7.8
nvd
около 8 лет назад

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

debian логотип

CVE-2016-5399

CVSS3: 7.8
debian
около 8 лет назад

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ...

github логотип

GHSA-3wxp-gf5c-jh8g

CVSS3: 7.8
github
около 3 лет назад

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

fstec логотип

BDU:2022-02544

CVSS3: 8.8
fstec
около 8 лет назад

Уязвимость функции bzread (ext/bz2/bz2.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 95%
0.18733
Средний

8.1 High

CVSS3

5.1 Medium

CVSS2