9.8

CVE-2016-4540

Exploit
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version24
OpensuseLeap Version42.1
PhpPhp Version <= 5.5.34
PhpPhp Version5.6.0
PhpPhp Version5.6.1
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
PhpPhp Version5.6.8
PhpPhp Version5.6.9
PhpPhp Version5.6.10
PhpPhp Version5.6.11
PhpPhp Version5.6.12
PhpPhp Version5.6.13
PhpPhp Version5.6.14
PhpPhp Version5.6.15
PhpPhp Version5.6.16
PhpPhp Version5.6.17
PhpPhp Version5.6.18
PhpPhp Version5.6.19
PhpPhp Version5.6.20
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.23% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://php.net/ChangeLog-5.php
Patch
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://php.net/ChangeLog-7.php
Patch
http://www.debian.org/security/2016/dsa-3602
https://security.gentoo.org/glsa/201611-22
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html
http://www.openwall.com/lists/oss-security/2016/05/05/21
http://www.securityfocus.com/bid/90172
https://bugs.php.net/bug.php?id=72061
Exploit
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fd9689745c44341b1bd6af4756f324be8abba2fb