9.8

CVE-2016-6294

Exploit
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.5.37
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
PhpPhp Version5.6.0 Updatebeta4
PhpPhp Version5.6.1
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
PhpPhp Version5.6.8
PhpPhp Version5.6.9
PhpPhp Version5.6.10
PhpPhp Version5.6.11
PhpPhp Version5.6.12
PhpPhp Version5.6.13
PhpPhp Version5.6.14
PhpPhp Version5.6.15
PhpPhp Version5.6.16
PhpPhp Version5.6.17
PhpPhp Version5.6.18
PhpPhp Version5.6.19
PhpPhp Version5.6.20
PhpPhp Version5.6.21
PhpPhp Version5.6.22
PhpPhp Version5.6.23
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.96% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://php.net/ChangeLog-5.php
Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://php.net/ChangeLog-7.php
Release Notes
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
https://support.apple.com/HT207170
https://security.gentoo.org/glsa/201611-22
http://www.debian.org/security/2016/dsa-3631
http://openwall.com/lists/oss-security/2016/07/24/2
Mailing List
http://www.securitytracker.com/id/1036430
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
https://bugs.php.net/72533
Patch
Third Party Advisory
Exploit
Issue Tracking
Mitigation
http://www.securityfocus.com/bid/92115
Third Party Advisory
VDB Entry