Published: 20/05/2016 Updated: 17/05/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP prior to 5.5.34, 5.6.x prior to 5.6.20, and 7.x prior to 7.0.5 allows remote malicious users to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not).

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.6.1
php php 5.6.0
php php 5.6.5
php php 7.0.4
php php 5.6.12
php php 5.6.13
php php 5.6.4
php php 7.0.3
php php 5.6.6
php php 7.0.1
php php 5.6.18
php php 5.6.11
php php 5.6.2
php php 5.6.10
php php
php php 5.6.7
php php 5.6.15
php php 7.0.2
php php 5.6.17
php php 5.6.16
php php 5.6.9
php php 5.6.3
php php 7.0.0
php php 5.6.8
php php 5.6.14
php php 5.6.19

Several security issues were fixed in PHP ...

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Debian Bug report logs - #835032 hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875) Package: src:hhvm; Maintainer for src:hhvm is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5620, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The following security-related issues were resolved: Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865)Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074)Integer overflow in php_raw_url_encode (CVE-2016-4070)Format string vulnerability in php_snmp_error() (CVE-2016-4071)Invalid memory write in phar on file ...

** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/urlc in PHP before 5534, 56x before 5620, and 7x before 705 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function NOTE: the vendor says "Not sure if this qualifies as security issue (probabl ...

CWE-189 http://www.php.net/ChangeLog-7.php http://www.openwall.com/lists/oss-security/2016/04/24/1 https://support.apple.com/HT206567 https://bugs.php.net/bug.php?id=71798 http://www.php.net/ChangeLog-5.php http://lists.apple.com/archives/security-announce/2016/May/msg00004.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 http://www.securityfocus.com/bid/85801 http://www.debian.org/security/2016/dsa-3560 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 http://rhn.redhat.com/errata/RHSA-2016-2750.html https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=95433e8e339dbb6b5d5541473c1661db6ba2c451 https://usn.ubuntu.com/2984-1/https://nvd.nist.gov

CVE-2016-4070

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect