Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2016-5399

Published: 21/04/2017 Updated: 12/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

The bzread function in ext/bz2/bz2.c in PHP prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 allows remote malicious users to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

Vendor Advisories

Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update
Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...
Ubuntu Security Notice: php5, php7.0 vulnerabilities
Several security issues were fixed in PHP ...
Red Hat: CVE-2016-5399
A flaw was found in the way certain error conditions were handled by bzread() function in PHP An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application ...

Exploits

Exploit DB: PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
''' PHP 708, 5623 and 5537 does not perform adequate error handling in its `bzread()' function: php-708/ext/bz2/bz2c ,---- | 364 static PHP_FUNCTION(bzread) | 365 { | | 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data)); | 383 ZSTR_VAL(data)[ZSTR_LEN(data)] = '\0'; | 384 | 385 RETURN_NEW_STR(data) ...
Exploit DB: PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
PHP versions 708, 5623, and 5537 suffers from an out-of-bounds write vulnerability in bzread() ...

References

CWE-787https://www.exploit-db.com/exploits/40155/https://bugzilla.redhat.com/show_bug.cgi?id=1358395https://bugs.php.net/bug.php?id=72613http://www.securitytracker.com/id/1036430http://www.securityfocus.com/bid/92051http://www.openwall.com/lists/oss-security/2016/07/21/1http://seclists.org/fulldisclosure/2016/Jul/72http://php.net/ChangeLog-7.phphttp://php.net/ChangeLog-5.phphttp://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.htmlhttp://www.debian.org/security/2016/dsa-3631http://rhn.redhat.com/errata/RHSA-2016-2750.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2598.htmlhttps://security.netapp.com/advisory/ntap-20180112-0001/http://www.securityfocus.com/archive/1/538966/100/0/threadedhttps://access.redhat.com/errata/RHSA-2016:2750https://nvd.nist.govhttps://usn.ubuntu.com/3045-1/https://www.exploit-db.com/exploits/40155/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook