CVE-2016-5773

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

References

http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://www.debian.org/security/2016/dsa-3618

http://www.openwall.com/lists/oss-security/2016/06/23/4

http://www.securityfocus.com/bid/91397

https://bugs.php.net/bug.php?id=72434

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-08-07

Updated: 2018-01-05

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.36 (inclusive)

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
129236EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043)NessusHuawei Local Security Checks
critical
128931EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)NessusHuawei Local Security Checks
critical
128917EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865)NessusHuawei Local Security Checks
critical
128087EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795)NessusHuawei Local Security Checks
critical
98854PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98813PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
108650SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)NessusSuSE Local Security Checks
critical
95755openSUSE Security Update : php5 (openSUSE-2016-1449)NessusSuSE Local Security Checks
critical
95535SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:2975-1)NessusSuSE Local Security Checks
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
93568Debian DLA-628-1 : php5 security updateNessusDebian Local Security Checks
critical
92699Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)NessusUbuntu Local Security Checks
critical
92663Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)NessusAmazon Linux Local Security Checks
critical
92282Fedora 22 : php-pecl-zip (2016-b08d0b00fc)NessusFedora Local Security Checks
critical
92258Fedora 24 : php-pecl-zip (2016-79ac80a0d5)NessusFedora Local Security Checks
critical
92248Fedora 23 : php-pecl-zip (2016-4f3c77ef90)NessusFedora Local Security Checks
critical
92224Debian DSA-3618-1 : php5 - security updateNessusDebian Local Security Checks
critical
9393PHP 5.5.x < 5.5.37 / 5.6.x < 5.6.23 / 7.0.x < 7.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
91899PHP 7.0.x < 7.0.8 Multiple VulnerabilitiesNessusCGI abuses
critical
91898PHP 5.6.x < 5.6.23 Multiple VulnerabilitiesNessusCGI abuses
critical
91897PHP 5.5.x < 5.5.37 Multiple VulnerabilitiesNessusCGI abuses
critical
91839FreeBSD : php -- multiple vulnerabilities (66d77c58-3b1d-11e6-8e82-002590263bf5)NessusFreeBSD Local Security Checks
critical
91830Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)NessusSlackware Local Security Checks
critical
90108openSUSE Security Update : shotwell (openSUSE-2016-844)NessusSuSE Local Security Checks
critical