Published: 22/05/2016 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The bcpowmod function in ext/bcmath/bcmath.c in PHP prior to 5.5.35, 5.6.x prior to 5.6.21, and 7.x prior to 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.6.1
php php 5.6.5
php php 7.0.4
php php 5.6.12
php php 5.6.13
php php 5.6.0
php php 5.6.4
php php 7.0.3
php php 5.6.6
php php 7.0.1
php php 5.6.18
php php 5.6.11
php php 5.6.2
php php 5.6.10
php php
php php 5.6.7
php php 5.6.15
php php 5.6.20
php php 7.0.2
php php 5.6.17
php php 5.6.16
php php 5.6.9
php php 7.0.5
php php 5.6.3
php php 7.0.0
php php 5.6.8
php php 5.6.14
php php 5.6.19
fedoraproject fedora 24
opensuse leap 42.1

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5622, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The bcpowmod function in ext/bcmath/bcmathc in PHP before 5535, 56x before 5621, and 7x before 706 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted c ...

CWE-20 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://www.openwall.com/lists/oss-security/2016/05/05/21 https://bugs.php.net/bug.php?id=72093 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 http://www.debian.org/security/2016/dsa-3602 http://www.securityfocus.com/bid/90173 http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d650063a0457aec56364e4005a636dc6c401f9cd https://access.redhat.com/errata/RHSA-2016:2750 https://usn.ubuntu.com/2984-1/https://nvd.nist.gov

CVE-2016-4538

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect