Published: 07/08/2016 Updated: 05/01/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP prior to 5.5.36, 5.6.x prior to 5.6.22, and 7.x prior to 7.0.7 does not ensure the presence of a '\0' character, which allows remote malicious users to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.6.2
php php 5.6.19
php php 7.0.6
php php 5.6.18
php php 5.6.6
php php 5.6.7
php php 5.6.0
php php 5.6.1
php php 7.0.0
php php 7.0.1
php php 5.6.17
php php 5.6.16
php php 5.6.15
php php 5.6.8
php php 5.6.9
php php
php php 7.0.2
php php 7.0.3
php php 5.6.14
php php 5.6.3
php php 5.6.13
php php 5.6.12
php php 5.6.21
php php 5.6.20
php php 7.0.4
php php 7.0.5
php php 5.6.4
php php 5.6.5
php php 5.6.11
php php 5.6.10

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Several security issues were fixed in PHP ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5622, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456)Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)Integer overflow in php_html_entities() (CVE-2016-5094)Integer overflow in php_filter_full_special_chars() (CVE-2016-5095)Out-of-bounds heap read in get_icu_value_internal ...

The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456)Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)The phar_make_dirstream function in ext/phar/dirstreamc in PHP before 5618 and 7x before 703 mishandles zero-size //@LongLink files, which allows remote attackers ...

CWE-125 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=72241 http://www.openwall.com/lists/oss-security/2016/05/26/3 https://github.com/php/php-src/commit/97eff7eb57fc2320c267a949cffd622c38712484?w=1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 http://www.debian.org/security/2016/dsa-3602 http://www.securityfocus.com/bid/90946 http://rhn.redhat.com/errata/RHSA-2016-2750.html https://access.redhat.com/errata/RHSA-2016:2750 https://nvd.nist.gov https://usn.ubuntu.com/3045-1/

CVE-2016-5093

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect