CVE-2016-5769

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

References

http://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0?w=1

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

http://www.debian.org/security/2016/dsa-3618

http://www.openwall.com/lists/oss-security/2016/06/23/4

http://www.securityfocus.com/bid/91399

https://bugs.php.net/bug.php?id=72455

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-08-07

Updated: 2016-11-28

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.36 (inclusive)

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
98854PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98813PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
93568Debian DLA-628-1 : php5 security updateNessusDebian Local Security Checks
critical
93293SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)NessusSuSE Local Security Checks
critical
93282SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)NessusSuSE Local Security Checks
critical
802010PHP < 5.5.37, 5.6.23, 7.0.8 Multiple VulnerabiltiesLog Correlation EngineWeb Servers
critical
92714openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)NessusSuSE Local Security Checks
critical
92699Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)NessusUbuntu Local Security Checks
critical
92663Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)NessusAmazon Linux Local Security Checks
critical
92300Fedora 24 : php (2016-ec372bddb9)NessusFedora Local Security Checks
critical
92272Fedora 22 : php (2016-99fbdc5c34)NessusFedora Local Security Checks
critical
92239Fedora 23 : php (2016-34a6b65583)NessusFedora Local Security Checks
critical
92224Debian DSA-3618-1 : php5 - security updateNessusDebian Local Security Checks
critical
9393PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
91899PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesNessusCGI abuses
critical
91898PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesNessusCGI abuses
critical
91897PHP 5.5.x < 5.5.37 Multiple VulnerabilitiesNessusCGI abuses
critical
91839FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)NessusFreeBSD Local Security Checks
critical
91830Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)NessusSlackware Local Security Checks
critical
90108openSUSE Security Update : shotwell (openSUSE-2016-844)NessusSuSE Local Security Checks
critical