Risk | High |
Patch available | YES |
Number of vulnerabilities | 20 |
CVE-ID | CVE-2016-5114, CVE-2016-5095, CVE-2016-3132, CVE-2015-8935, CVE-2016-6296, CVE-2016-6297, CVE-2016-5399, CVE-2016-6290 |
CWE-ID | CWE-200, CWE-416, CWE-401, CWE-119, CWE-476 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #15 is available. |
Vulnerable software | PHP (Universal components / Libraries / Scripting languages); macOS (Operating systems & Components / Operating system); Oracle Linux (Operating systems & Components / Operating system) |
Vendor | PHP Group; Apple Inc.; Oracle |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
This security bulletin describes multiple vulnerabilities in PHP, which can be exploited to disclose potentially sensitive information, cause a denial of service and remotely execute arbitrary code on the target system.
EUVDB-ID: #VU225
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5114
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to disclose potentially sensitive information.
The vulnerability exists because the gdImageTrueColorToPaletteBody() function does not check for negative transparent colors while converting the image. A remote unauthenticated attacker can cause a read/write access error in gdImageTrueColorToPaletteBody().
Successful exploitation of this vulnerability may lead to an arbitrary NULL-byte write and disclosure of potentially sensitive data.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72512
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU224
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5095
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause information disclosure.
The vulnerability exists due to an error in the imagegif/output function in gd_gif_out.c that causes an out-of-bounds read of the masks array when ctx->cur_bits becomes a negative number. A remote unauthenticated attacker can cause an out-of-bounds access error in imagegif/output.
Successful exploitation of this vulnerability may result in information disclosure.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72519
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU223
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-3132
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free memory error in MBString. A remote unauthenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72399
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU222
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-8935
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to disclose potentially sensitive information.
The vulnerability exists because the mbc_to_code function performs an out-of-bounds access if the pattern is shorter than 6 characters. A remote unauthenticated attacker can cause an out-of-bounds read error in mb_ereg_replace - mbc_to_code.
Successful exploitation of this vulnerability may result in memory corruption and disclosure of memory contents.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72405
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU221
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6296
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow in the simplestring_addn() function ('simplestring.c') within the XMLRPC component. A remote unauthenticated attacker can cause a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
macOS: 15.0.0 - 15.6.0
External links
https://bugs.php.net/bug.php?id=72606
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
https://support.apple.com/en-us/HT207170
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU220
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6297
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the php_stream_zip_opener() function, which fails to check the path_len argument. A remote unauthenticated attacker can cause an integer overflow in php_stream_zip_opener() and corrupt memory.
Successful exploitation of this vulnerability may lead to remote code execution.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
macOS: 15.0.0 - 15.6.0
External links
https://bugs.php.net/bug.php?id=72520
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
https://support.apple.com/en-us/HT207170
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU219
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "_php_array_to_envp()" function within the "ext\standard\proc_open.c" file. A remote unauthenticated attacker can cause a heap-based buffer overflow in proc_open() while processing the '$env' parameter in the PCRE component.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72306
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU218
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a cast error within the mdecrypt_generic() function. A remote unauthenticated attacker can cause a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72551
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU213
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow in the ps_files_cleanup_dir() function. A remote unauthenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72531
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU212
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to disclose potentially sensitive information.
The vulnerability exists due to an out-of-bounds read in the locale_accept_from_http() function. A remote unauthenticated attacker can read system memory outside the allocated buffer.
Successful exploitation of this vulnerability may result in sensitive information disclosure.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72533
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU211
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause an integer overflow.
The vulnerability exists due to an integer overflow in the "_gdContributionsAlloc()" function. This vulnerability can be exploited to cause an out-of-bounds memory write.
Successful exploitation of this vulnerability may result in a denial of service.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72558
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU210
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to a NULL pointer dereference error in the "exif_process_user_comment()" function. A remote unauthenticated attacker can cause a denial of service when trying to encode a JIS string.
Successful exploitation of this vulnerability may result in a crash of a worker process.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/72618
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU209
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to disclose potentially sensitive information.
The vulnerability exists due to an out-of-bounds read error in the exif_process_IFD_in_MAKERNOTE() function. A remote unauthenticated attacker can gain access to potentially sensitive data.
Successful exploitation of this vulnerability may lead to an information leak or memory corruption.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72603
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU208
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow in the curl library. A remote unauthenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (7.0.9).
Vulnerable software versions
PHP: 7.0.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72541
https://php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU207
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-5399
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect error handling in the bzread() function. A remote unauthenticated attacker can cause a buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
Oracle Linux: 7
External links
https://bugs.php.net/bug.php?id=72613
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU206
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in the php_bz2_filter_create() function. A remote unauthenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (5.6.24).
Vulnerable software versions
PHP: 5.6.0 - 5.6.23
External links
https://bugs.php.net/bug.php?id=72447
https://php.net/ChangeLog-5.php#5.6.24
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU205
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6290
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error in the unserialize() function. A remote unauthenticated attacker can cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
macOS: 15.0.0 - 15.6.0
External links
https://bugs.php.net/bug.php?id=72562
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9
https://support.apple.com/en-us/HT207170
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU204
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the path_length variable in the virtual_file_ex() function. A remote unauthenticated attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72513
https://php.net/ChangeLog-5.php#5.6.24
https://www.php.net/ChangeLog-7.php#7.0.9
https://php.net/ChangeLog-5.php#5.5.38
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU203
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a string-typed ZVAL. A remote unauthenticated attacker can cause an integer overflow during ZVAL processing.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).
Vulnerable software versions
PHP: 5.5.0 - 7.0.8
External links
https://bugs.php.net/bug.php?id=72403
https://www.php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-5.php#5.5.38
https://www.php.net/ChangeLog-7.php#7.0.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU202
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow error in the php_url_parse_ex() function. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the latest version: (5.5.38).
Vulnerable software versions
PHP: 5.5.0 - 5.5.37
External links
https://bugs.php.net/bug.php?id=70480
https://php.net/ChangeLog-5.php#5.5.38
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.