Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5769

Опубликовано: 23 июн. 2016
Источник: redhat
CVSS3: 5.6
CVSS2: 5.1
EPSS Низкий

Описание

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

Отчет

The versions of PHP package shipped with Red Hat Enterprise Linux, do not have support for mcrypt.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Software Collectionsphp54-phpNot affected
Red Hat Software Collectionsphp55-phpNot affected
Red Hat Software Collectionsrh-php56-phpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1351070php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows

EPSS

Процентиль: 90%
0.05895
Низкий

5.6 Medium

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5769

CVSS3: 9.8
ubuntu
около 9 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

nvd логотип

CVE-2016-5769

CVSS3: 9.8
nvd
около 9 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

debian логотип

CVE-2016-5769

CVSS3: 9.8
debian
около 9 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...

github логотип

GHSA-5jqx-3p4m-wv4h

CVSS3: 9.8
github
около 3 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

fstec логотип

BDU:2022-02542

CVSS3: 9.8
fstec
около 9 лет назад

Уязвимость расширения mcrypt интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 90%
0.05895
Низкий

5.6 Medium

CVSS3

5.1 Medium

CVSS2