CVE-2016-3078

Published: 07/08/2016 Updated: 20/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in php_zip.c in the zip extension in PHP prior to 7.0.6 allow remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
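The bug class named in the summary (an integer overflow in a size computation that leaves a heap buffer too small for the data written to it), as an added C example. It is not PHP's code and not part of the original page; the 32-bit size type, the header constant and all function names are assumptions chosen for illustration, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t size32_t;   /* assumption: models a 32-bit size type */
#define HDR_SIZE 16u         /* hypothetical allocator header bytes */

/* Vulnerable pattern: header + declared length + NUL, computed in 32 bits.
 * A declared length near UINT32_MAX wraps to a tiny allocation size. */
size32_t alloc_size_unchecked(size32_t declared_len)
{
    return HDR_SIZE + declared_len + 1u;
}

/* Hardened pattern: reject any length whose total cannot be represented. */
int alloc_size_checked(size32_t declared_len, size32_t *total)
{
    if (declared_len > UINT32_MAX - HDR_SIZE - 1u)
        return -1;
    *total = HDR_SIZE + declared_len + 1u;
    return 0;
}

/* Copy an entry only if its declared size passes the overflow check and
 * does not exceed the bytes actually present. Returns NULL on rejection. */
char *read_entry(const char *src, size32_t available, size32_t declared_len)
{
    size32_t total;
    if (alloc_size_checked(declared_len, &total) != 0 || declared_len > available)
        return NULL;
    char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_SIZE, src, declared_len);
    buf[HDR_SIZE + declared_len] = '\0';
    return buf;
}

int main(void)
{
    const char entry[] = "hello";         /* constructed sample entry */
    size32_t hostile = UINT32_MAX - 8u;   /* constructed hostile size field */
    char *ok = read_entry(entry, 5u, 5u);
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(hostile));
    printf("benign entry: %s\n", ok ? ok + HDR_SIZE : "(rejected)");
    printf("hostile entry: %s\n", read_entry(entry, 5u, hostile) ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```

The unchecked computation turns a declared length of nearly 4 GiB into an 8-byte request, which is why the check has to happen before the addition rather than on its result.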

Vulnerable Product

php php

Vendor Advisories

Several security issues were fixed in PHP ...
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class ...

Exploits

Details
=======
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow.

php-7.0.5/ext/zip/php_zip.c
,----
| static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
| {
|
| struct zip_st ...
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included ...