CVE-2016-5773

HIGH

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

References

http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://www.debian.org/security/2016/dsa-3618

http://www.openwall.com/lists/oss-security/2016/06/23/4

http://www.securityfocus.com/bid/91397

https://bugs.php.net/bug.php?id=72434

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-08-07

Updated: 2018-01-05

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.36 (inclusive)

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
129236EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043)NessusHuawei Local Security Checks
high
128931EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)NessusHuawei Local Security Checks
high
128917EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865)NessusHuawei Local Security Checks
high
128087EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795)NessusHuawei Local Security Checks
high
98854PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
98813PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
108650SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)NessusSuSE Local Security Checks
high
95755openSUSE Security Update : php5 (openSUSE-2016-1449)NessusSuSE Local Security Checks
high
95535SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:2975-1)NessusSuSE Local Security Checks
high
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
93568Debian DLA-628-1 : php5 security updateNessusDebian Local Security Checks
high
92699Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)NessusUbuntu Local Security Checks
high
92663Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)NessusAmazon Linux Local Security Checks
high
92282Fedora 22 : php-pecl-zip (2016-b08d0b00fc)NessusFedora Local Security Checks
high
92258Fedora 24 : php-pecl-zip (2016-79ac80a0d5)NessusFedora Local Security Checks
high
92248Fedora 23 : php-pecl-zip (2016-4f3c77ef90)NessusFedora Local Security Checks
high
92224Debian DSA-3618-1 : php5 - security updateNessusDebian Local Security Checks
high
9393PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
91899PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesNessusCGI abuses
high
91898PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesNessusCGI abuses
high
91897PHP 5.5.x < 5.5.37 Multiple VulnerabilitiesNessusCGI abuses
high
91839FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)NessusFreeBSD Local Security Checks
high
91830Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)NessusSlackware Local Security Checks
high
90108openSUSE Security Update : shotwell (openSUSE-2016-844)NessusSuSE Local Security Checks
high