Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7414

Опубликовано: 23 авг. 2016
Источник: redhat
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Software Collectionsrh-php56-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php70-phpFixedRHSA-2018:129603.05.2018
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php70-phpFixedRHSA-2018:129603.05.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1377336php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile

EPSS

Процентиль: 85%
0.02741
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7414

CVSS3: 9.8
ubuntu
почти 9 лет назад

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

nvd логотип

CVE-2016-7414

CVSS3: 9.8
nvd
почти 9 лет назад

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

debian логотип

CVE-2016-7414

CVSS3: 9.8
debian
почти 9 лет назад

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ...

github логотип

GHSA-xq84-67jm-4565

CVSS3: 9.8
github
около 3 лет назад

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.

fstec логотип

BDU:2022-02411

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость функции signature-verification интерпретатора языка программирования PHP , вызванная переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 85%
0.02741
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2