Multiple vulnerabilities in PHP



Updated: 2020-08-09
Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2016-1904, CVE-2016-1903, CVE-2015-8617
CWE-ID: CWE-20, CWE-119, CWE-134
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software: PHP (Universal components / Libraries / Scripting languages)
Vendor: PHP Group

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU40511

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-1904

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PHP: 7.0.0 - 7.0.1

External links

https://www.openwall.com/lists/oss-security/2016/01/14/8
https://www.php.net/ChangeLog-7.php
https://www.securitytracker.com/id/1034608
https://bugs.php.net/bug.php?id=71270
https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU40512

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-1903

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to obtain sensitive information or cause a denial of service.

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PHP: 5.6.0 - 7.0.1

External links

https://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
https://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.openwall.com/lists/oss-security/2016/01/14/8
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/79916
https://www.securitytracker.com/id/1034608
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
https://www.ubuntu.com/usn/USN-2952-1
https://www.ubuntu.com/usn/USN-2952-2
https://bugs.php.net/bug.php?id=70976
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Format string error

EUVDB-ID: #VU40513

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2015-8617

CWE-ID: CWE-134 - Use of Externally-Controlled Format String

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PHP: 7.0.1

External links

https://php.net/ChangeLog-7.php
https://www.securitytracker.com/id/1034543
https://bugs.php.net/bug.php?id=71105
https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
