Multiple vulnerabilities in PHP
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2016-7133 CVE-2016-7132 CVE-2016-7131 CVE-2016-7130 CVE-2016-7129 CVE-2016-7128 CVE-2016-7127 CVE-2016-7126 CVE-2016-7125 |
| CWE-ID | CWE-190 CWE-476 CWE-20 CWE-200 CWE-787 CWE-74 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU40095
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7133
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3 External linkshttps://openwall.com/lists/oss-security/2016/09/02/9
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92765
https://bugs.php.net/bug.php?id=72742
https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
https://security.gentoo.org/glsa/201611-22
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU40096
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7132
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92767
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72799
https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU40097
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7131
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92768
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72790
https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU40098
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92764
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72750
https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU40099
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92758
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72749
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU40100
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7128
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92564
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72627
https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU40101
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7127
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92757
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72730
https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU40102
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7126
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92755
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72697
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU40103
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7125
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.0.0 - 7.0.9
CPE2.3https://openwall.com/lists/oss-security/2016/09/02/9
https://rhn.redhat.com/errata/RHSA-2016-2750.html
https://www.php.net/ChangeLog-5.php
https://www.php.net/ChangeLog-7.php
https://www.securityfocus.com/bid/92552
https://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72681
https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
