Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2016-5770

Published: 07/08/2016 Updated: 20/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP prior to 5.5.37 and 5.6.x prior to 5.6.23 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

opensuse leap 42.1

opensuse opensuse 13.2

debian debian linux 8.0

Vendor Advisories

Red Hat: Moderate: rh-php56 security, bug fix, and enhancement update
Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...
Debian Security Advisories: DSA-3618-1 php5 -- security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5623, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#5623 ...
Amazon Linux AMI: ALAS-2016-728
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension A remote attacker could use this flaw to crash a PHP application ...
Red Hat: CVE-2016-5770
A type confusion issue was found in the SPLFileObject fread() function A remote attacker able to submit a specially crafted input to a PHP application, which uses this function, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application ...

References

CWE-190https://bugs.php.net/bug.php?id=72262http://php.net/ChangeLog-5.phphttp://www.openwall.com/lists/oss-security/2016/06/23/4http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731https://support.apple.com/HT207170http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.htmlhttp://www.securityfocus.com/bid/91403http://www.debian.org/security/2016/dsa-3618http://rhn.redhat.com/errata/RHSA-2016-2750.htmlhttps://access.redhat.com/errata/RHSA-2016:2750https://nvd.nist.govhttps://www.debian.org/security/./dsa-3618
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook