Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5768

Опубликовано: 23 июн. 2016
Источник: redhat
CVSS3: 3.7
CVSS2: 2.6

Описание

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Enterprise Linux 7phpFixedRHSA-2016:259803.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56FixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-php-pearFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php56FixedRHSA-2016:275015.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1351168php: Double free in _php_mb_regex_ereg_replace_exec

3.7 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5768

CVSS3: 9.8
ubuntu
почти 9 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

nvd логотип

CVE-2016-5768

CVSS3: 9.8
nvd
почти 9 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

debian логотип

CVE-2016-5768

CVSS3: 9.8
debian
почти 9 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...

github логотип

GHSA-4r5p-hffq-cgf5

CVSS3: 9.8
github
около 3 лет назад

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

fstec логотип

BDU:2022-02543

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость расширения mbstring интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код

3.7 Low

CVSS3

2.6 Low

CVSS2

Уязвимость CVE-2016-5768