CVE-2016-5096HIGH
Description
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
References
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3602
http://www.openwall.com/lists/oss-security/2016/05/26/3
http://www.securityfocus.com/bid/90861
https://bugs.php.net/bug.php?id=72114
https://github.com/php/php-src/commit/abd159cce48f3e34f08e4751c568e09677d5ec9c?w=1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Details
Source: MITRE
Published: 2016-08-07
Updated: 2018-01-05
Type: CWE-190
Risk Information
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3.0
Base Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Impact Score: 4.7
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.35 (inclusive)
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 129236 | EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043) | Nessus | Huawei Local Security Checks | high |
| 128931 | EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928) | Nessus | Huawei Local Security Checks | high |
| 128917 | EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865) | Nessus | Huawei Local Security Checks | high |
| 128087 | EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795) | Nessus | Huawei Local Security Checks | high |
| 98812 | PHP 5.6.x < 5.6.22 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
| 106502 | pfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 / SA-16_08) | Nessus | Firewalls | high |
| 93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
| 93160 | SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:1633-1) | Nessus | SuSE Local Security Checks | high |
| 92959 | F5 Networks BIG-IP : PHP vulnerability (K43449212) | Nessus | F5 Networks Local Security Checks | high |
| 92699 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy) | Nessus | Ubuntu Local Security Checks | high |
| 92497 | Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004) | Nessus | MacOS X Local Security Checks | critical |
| 92496 | Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 92149 | Fedora 24 : php (2016-b967ac1a74) | Nessus | Fedora Local Security Checks | high |
| 92106 | Fedora 23 : php (2016-6b1938566f) | Nessus | Fedora Local Security Checks | high |
| 92104 | Fedora 22 : php (2016-65f1ffdc0c) | Nessus | Fedora Local Security Checks | high |
| 9393 | PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 91900 | Debian DLA-533-1 : php5 security update | Nessus | Debian Local Security Checks | high |
| 91869 | openSUSE Security Update : php5 (openSUSE-2016-776) | Nessus | SuSE Local Security Checks | high |
| 91665 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1) | Nessus | SuSE Local Security Checks | critical |
| 91615 | Debian DSA-3602-1 : php5 - security update | Nessus | Debian Local Security Checks | high |
| 91585 | openSUSE Security Update : php5 (openSUSE-2016-703) | Nessus | SuSE Local Security Checks | high |
| 91466 | Amazon Linux AMI : php55 (ALAS-2016-707) | Nessus | Amazon Linux Local Security Checks | high |
| 91465 | Amazon Linux AMI : php56 (ALAS-2016-706) | Nessus | Amazon Linux Local Security Checks | high |
| 91442 | PHP 5.6.x < 5.6.22 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 91441 | PHP 5.5.x < 5.5.36 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 91373 | FreeBSD : php -- multiple vulnerabilities (6b110175-246d-11e6-8dd3-002590263bf5) | Nessus | FreeBSD Local Security Checks | high |
| 91355 | Slackware 14.0 / 14.1 / current : php (SSA:2016-148-03) | Nessus | Slackware Local Security Checks | high |