Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-10160

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 24 янв. 2017
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

ОписаниС

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

released

5.5.9+dfsg-1ubuntu4.21
precise

released

5.3.10-1ubuntu3.26
trusty

released

5.5.9+dfsg-1ubuntu4.21
trusty/esm

released

5.5.9+dfsg-1ubuntu4.21
upstream

released

5.6.30
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

DNE

yakkety

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

released

7.0.15-1ubuntu2
esm-infra-legacy/trusty

DNE

esm-infra/xenial

released

7.0.15-0ubuntu0.16.04.2
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

7.0.15
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

released

7.0.15-0ubuntu0.16.04.2

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 88%
0.03771
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-10160

CVSS3: 5.3
redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-10160

CVSS3: 9.8
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-10160

CVSS3: 9.8
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-4jqc-cj54-frf5

CVSS3: 9.8
github
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2017-01601

fstec
ΠΏΠΎΡ‡Ρ‚ΠΈ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ phar_parse_pharfile ΠΈΠ½Ρ‚Π΅Ρ€ΠΏΡ€Π΅Ρ‚Π°Ρ‚ΠΎΡ€Π° PHP, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ Π²Ρ‹Π·Π²Π°Ρ‚ΡŒ ΠΎΡ‚ΠΊΠ°Π· Π² обслуТивании ΠΈΠ»ΠΈ Π²Ρ‹ΠΏΠΎΠ»Π½ΠΈΡ‚ΡŒ ΠΏΡ€ΠΎΠΈΠ·Π²ΠΎΠ»ΡŒΠ½Ρ‹ΠΉ ΠΊΠΎΠ΄

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 88%
0.03771
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2016-10160