Published: 22/05/2016 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The xml_parse_into_struct function in ext/xml/xml.c in PHP prior to 5.5.35, 5.6.x prior to 5.6.21, and 7.x prior to 7.0.6 allows remote malicious users to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.6.1
php php 5.6.5
php php 7.0.4
php php 5.6.12
php php 5.6.13
php php 5.6.0
php php 5.6.4
php php 7.0.3
php php 5.6.6
php php 7.0.1
php php 5.6.18
php php 5.6.11
php php 5.6.2
php php 5.6.10
php php 5.6.7
php php 5.6.15
php php 5.6.20
php php 7.0.2
php php 5.6.17
php php 5.6.16
php php 5.6.9
php php
php php 7.0.5
php php 5.6.3
php php 7.0.0
php php 5.6.8
php php 5.6.14
php php 5.6.19
opensuse leap 42.1
fedoraproject fedora 24

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Debian Bug report logs - #835032 hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875) Package: src:hhvm; Maintainer for src:hhvm is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5622, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The xml_parse_into_struct function in ext/xml/xmlc in PHP before 5535, 56x before 5621, and 7x before 706 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero ...

CWE-119 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://www.openwall.com/lists/oss-security/2016/05/05/21 https://bugs.php.net/bug.php?id=72099 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 http://www.debian.org/security/2016/dsa-3602 http://www.securityfocus.com/bid/90174 http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=dccda88f27a084bcbbb30198ace12b4e7ae961cc https://access.redhat.com/errata/RHSA-2016:2750 https://usn.ubuntu.com/2984-1/https://nvd.nist.gov

CVE-2016-4539

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect