Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-7398

Опубликовано: 06 сент. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

РелизСтатусПримечание
bionic

not-affected

3.1.0+2.6.0-4build8
devel

not-affected

3.1.0+2.6.0-4build8
disco

ignored

end of life
eoan

not-affected

3.1.0+2.6.0-4build8
esm-apps/bionic

not-affected

3.1.0+2.6.0-4build8
esm-apps/focal

not-affected

3.1.0+2.6.0-4build8
esm-apps/jammy

not-affected

3.1.0+2.6.0-4build8
esm-apps/noble

not-affected

3.1.0+2.6.0-4build8
esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%
0.05723
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2016-7398

CVSS3: 9.8
nvd
больше 6 лет назад

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

debian логотип

CVE-2016-7398

CVSS3: 9.8
debian
больше 6 лет назад

A type confusion vulnerability in the merge_param() function of php_ht ...

github логотип

GHSA-jx2x-3hjr-6vp8

CVSS3: 9.8
github
больше 3 лет назад

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

EPSS

Процентиль: 90%
0.05723
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3