CVSSv3 8.8

CVE-2016-4343

Published: 22/05/2016 Updated: 20/07/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The phar_make_dirstream function in ext/phar/dirstream.c in PHP prior to 5.6.18 and 7.x prior to 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
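The trigger named in the summary is a GNU tar "././@LongLink" entry (typeflag 'L', normally carrying an over-long file name in its data block) whose size field is zero. The following triage script is an added example, not part of this database entry and not PHP's own code: it walks raw tar headers and reports LongLink entries with a zero size, so a suspect archive can be checked before a vulnerable phar build touches it. The helper names (tar_header, find_zero_size_longlinks, benign_archive, crafted_archive) are hypothetical, and both sample archives are constructed in memory for the demonstration.

```python
"""Triage check: does an uncompressed TAR blob contain a zero-size GNU
././@LongLink entry? Added example with hypothetical helper names; the
sample archives below are constructed test data, not real samples."""

BLOCK = 512
LONGLINK_NAME = b"././@LongLink"   # GNU tar marker entry for names > 100 bytes (typeflag 'L')


def _pad(data: bytes) -> bytes:
    """Pad a data region up to the next 512-byte tar block boundary."""
    rem = len(data) % BLOCK
    return data + b"\0" * (BLOCK - rem) if rem else data


def _octal(field: bytes) -> int:
    """Parse a NUL- or space-terminated octal tar field; an empty field means 0."""
    digits = field.split(b"\0", 1)[0].strip()
    return int(digits, 8) if digits else 0


def _checksum_ok(hdr: bytes) -> bool:
    """Tar checksums are computed with the checksum field itself taken as 8 spaces."""
    expected = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])
    return _octal(hdr[148:156]) == expected


def tar_header(name: bytes, size: int, typeflag: bytes) -> bytes:
    """Build one 512-byte GNU-style tar header with a valid checksum (test data)."""
    hdr = bytearray(BLOCK)
    short = name[:100]
    hdr[0:len(short)] = short            # name field, NUL padded
    hdr[100:108] = b"0000644\0"          # mode
    hdr[108:116] = b"0000000\0"          # uid
    hdr[116:124] = b"0000000\0"          # gid
    hdr[124:136] = b"%011o\0" % size     # size of the data that follows, octal
    hdr[136:148] = b"00000000000\0"      # mtime
    hdr[148:156] = b" " * 8              # placeholder while summing
    hdr[156:157] = typeflag
    hdr[257:265] = b"ustar  \0"          # GNU magic + version
    hdr[148:156] = b"%06o\0 " % sum(hdr)
    return bytes(hdr)


def find_zero_size_longlinks(data: bytes) -> list:
    """Return byte offsets of LongLink headers whose size field is zero, the
    entry shape the CVE-2016-4343 summary describes. Ordinary LongLink
    entries (size > 0) are stepped over like any other header."""
    hits = []
    off = 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:
            break                                    # end-of-archive marker
        if not _checksum_ok(hdr):
            raise ValueError("bad header checksum at offset %d" % off)
        name = hdr[:100].split(b"\0", 1)[0]
        size = _octal(hdr[124:136])
        typeflag = hdr[156:157]
        if (typeflag == b"L" or name == LONGLINK_NAME) and size == 0:
            hits.append(off)
        # skip header plus the block-rounded data region
        off += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK
    return hits


def benign_archive() -> bytes:
    """Constructed: a legitimate long-name entry; the LongLink carries the name."""
    long_name = b"a" * 150 + b".txt"                 # > 100 bytes, so GNU tar emits a LongLink
    payload = b"hello\n"
    blob = tar_header(LONGLINK_NAME, len(long_name) + 1, b"L") + _pad(long_name + b"\0")
    blob += tar_header(long_name, len(payload), b"0") + _pad(payload)
    return blob + b"\0" * (2 * BLOCK)


def crafted_archive() -> bytes:
    """Constructed: a LongLink header with size 0, so no name data follows it."""
    blob = tar_header(LONGLINK_NAME, 0, b"L")
    blob += tar_header(b"x.txt", 0, b"0")
    return blob + b"\0" * (2 * BLOCK)


if __name__ == "__main__":
    for label, blob in (("benign", benign_archive()), ("crafted", crafted_archive())):
        print(label, find_zero_size_longlinks(blob))
```

A zero-size LongLink is not something a well-formed GNU tar writer emits, so a hit is a strong signal that the archive is malformed or crafted; it does not by itself prove exploitability against a given build. The durable fix is the version upgrade named in the summary (5.6.18 or 7.0.3), keeping in mind that distribution packages such as the rh-php56 update listed below carry the fix as a backport under an older version string, so check the vendor advisory rather than the bare version number.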

Vulnerable Products

php: php

opensuse: opensuse 13.2

Vendor Advisories

Several security issues were fixed in PHP ...
Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Mo ...
The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456); Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096); The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers ...
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive ...