CVE-2016-5771

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

References

http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://www.debian.org/security/2016/dsa-3618

http://www.openwall.com/lists/oss-security/2016/06/23/4

http://www.securityfocus.com/bid/91401

https://bugs.php.net/bug.php?id=72433

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-08-07

Updated: 2018-01-05

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
129236EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043)NessusHuawei Local Security Checks
critical
128931EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)NessusHuawei Local Security Checks
critical
128917EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865)NessusHuawei Local Security Checks
critical
128087EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795)NessusHuawei Local Security Checks
critical
98854PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98813PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
108650SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)NessusSuSE Local Security Checks
critical
100136F5 Networks BIG-IP : PHP vulnerability (K30363030)NessusF5 Networks Local Security Checks
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
93568Debian DLA-628-1 : php5 security updateNessusDebian Local Security Checks
critical
802011PHP < 5.5.37, 5.6.23 Use-After-Free Remote Code Execution.Log Correlation EngineWeb Servers
high
92714openSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)NessusSuSE Local Security Checks
critical
92699Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)NessusUbuntu Local Security Checks
critical
92663Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)NessusAmazon Linux Local Security Checks
critical
92300Fedora 24 : php (2016-ec372bddb9)NessusFedora Local Security Checks
critical
92272Fedora 22 : php (2016-99fbdc5c34)NessusFedora Local Security Checks
critical
92239Fedora 23 : php (2016-34a6b65583)NessusFedora Local Security Checks
critical
92224Debian DSA-3618-1 : php5 - security updateNessusDebian Local Security Checks
critical
9393PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
91899PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesNessusCGI abuses
critical
91898PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesNessusCGI abuses
critical
91897PHP 5.5.x < 5.5.37 Multiple VulnerabilitiesNessusCGI abuses
critical
91839FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)NessusFreeBSD Local Security Checks
critical
91830Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)NessusSlackware Local Security Checks
critical
90108openSUSE Security Update : shotwell (openSUSE-2016-844)NessusSuSE Local Security Checks
critical