Vulnerabilities > CVE-2016-5094 - Integer Overflow or Wraparound vulnerability in PHP

047910
CVSS 8.6 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
HIGH
network
low complexity
php
CWE-190
nessus

Summary

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

Vulnerable Configurations

Part Description Count
Application
Php
744

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-707.NASL
    descriptionThe following security-related issues were resolved : Out-of-bounds read in imagescale (CVE-2013-7456) Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096) The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. (CVE-2016-4343) Integer overflow in php_html_entities() (CVE-2016-5094) Integer overflow in php_filter_full_special_chars() (CVE-2016-5095) Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093) (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)
    last seen2020-06-01
    modified2020-06-02
    plugin id91466
    published2016-06-06
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91466
    titleAmazon Linux AMI : php55 (ALAS-2016-707)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-707.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91466);
      script_version("2.8");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2013-7456", "CVE-2016-4343", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096");
      script_xref(name:"ALAS", value:"2016-707");
    
      script_name(english:"Amazon Linux AMI : php55 (ALAS-2016-707)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following security-related issues were resolved :
    
    Out-of-bounds read in imagescale (CVE-2013-7456)
    
    Integer underflow causing arbitrary null write in fread/gzread
    (CVE-2016-5096)
    
    The phar_make_dirstream function in ext/phar/dirstream.c in PHP before
    5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files,
    which allows remote attackers to cause a denial of service
    (uninitialized pointer dereference) or possibly have unspecified other
    impact via a crafted TAR archive. (CVE-2016-4343)
    
    Integer overflow in php_html_entities() (CVE-2016-5094)
    
    Integer overflow in php_filter_full_special_chars() (CVE-2016-5095)
    
    Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093)
    
    (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was
    not previously listed in this errata.)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-707.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update php55' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php55-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-cli-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-common-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-dba-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-devel-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gd-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-imap-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-intl-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-process-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-recode-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-soap-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xml-5.5.36-1.115.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.36-1.115.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc");
    }
    
  • NASL familyCGI abuses
    NASL idPHP_5_5_36.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.36. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456) - An uninitialized pointer flaw exists in the phar_make_dirstream() function within file ext/phar/dirstream.c due to improper handling of ././@LongLink files. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4343) - An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093) - An integer overflow condition exists in the php_html_entities() and php_filter_full_special_chars() functions within file ext/standard/html.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5094) - An integer underflow condition exists in file ext/standard/file.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a NULL write, resulting in crashing the process linked against the library. (CVE-2016-5096) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91441
    published2016-06-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91441
    titlePHP 5.5.x < 5.5.36 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91441);
      script_version("1.12");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2013-7456",
        "CVE-2016-4343",
        "CVE-2016-5093",
        "CVE-2016-5094",
        "CVE-2016-5096"
      );
    
      script_name(english:"PHP 5.5.x < 5.5.36 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of PHP running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 5.5.x prior to 5.5.36. It is, therefore, affected by
    multiple vulnerabilities :
    
      - An out-of-bounds read error exists in the
        _gdContributionsCalc() function within file
        ext/gd/libgd/gd_interpolation.c. An unauthenticated,
        remote attacker can exploit this to disclose sensitive
        information or crash the process linked against the
        library. (CVE-2013-7456)
    
      - An uninitialized pointer flaw exists in the
        phar_make_dirstream() function within file
        ext/phar/dirstream.c due to improper handling of
        ././@LongLink files. An unauthenticated, remote attacker
        can exploit this, via a specially crafted TAR file, to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-4343)
    
      - An out-of-bounds read error exists in the
        get_icu_value_internal() function within file
        ext/intl/locale/locale_methods.c due to improper
        handling of user-supplied input. An unauthenticated,
        remote attacker can exploit this to disclose sensitive
        information or crash the process linked against the
        library. (CVE-2016-5093)
    
      - An integer overflow condition exists in the
        php_html_entities() and php_filter_full_special_chars()
        functions within file ext/standard/html.c due to
        improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        have an unspecified impact. (CVE-2016-5094)
    
      - An integer underflow condition exists in file
        ext/standard/file.c due to improper validation of
        user-supplied input. An unauthenticated, remote
        attacker can exploit this to cause a NULL write,
        resulting in crashing the process linked against the
        library. (CVE-2016-5096)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.5.36");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.5.36 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5093");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/02");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.5)?$")
      audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.5\.") audit(AUDIT_NOT_DETECT, "PHP version 5.5.x", port);
    
    if (version =~ "^5\.5\." && ver_compare(ver:version, fix:"5.5.36", strict:FALSE) < 0){
      security_report_v4(
      port  : port,
      extra :
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 5.5.36' +
        '\n',
      severity:SECURITY_HOLE
      );
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3045-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92699
    published2016-08-03
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92699
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-703.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-05
    modified2016-06-14
    plugin id91585
    published2016-06-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91585
    titleopenSUSE Security Update : php5 (openSUSE-2016-703)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1633-1.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93160
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93160
    titleSUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:1633-1)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-16_08.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.3.1-p5. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id106502
    published2018-01-31
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106502
    titlepfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 / SA-16_08)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-776.NASL
    descriptionThis update for php5 fixes the following issues : - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-05
    modified2016-06-28
    plugin id91869
    published2016-06-28
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91869
    titleopenSUSE Security Update : php5 (openSUSE-2016-776)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2221.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a
    last seen2020-05-08
    modified2019-11-08
    plugin id130683
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130683
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6B110175246D11E68DD3002590263BF5.NASL
    descriptionThe PHP Group reports : - Core : - Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only) - Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) (PHP 5.5/5.6 only) - GD : - Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456) - Intl : - Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093) - Phar : - Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)
    last seen2020-06-01
    modified2020-06-02
    plugin id91373
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91373
    titleFreeBSD : php -- multiple vulnerabilities (6b110175-246d-11e6-8dd3-002590263bf5)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11_6.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Audio - bsdiff - CFNetwork - CoreGraphics - FaceTime - Graphics Drivers - ImageIO - Intel Graphics Driver - IOHIDFamily - IOKit - IOSurface - Kernel - libc++abi - libexpat - LibreSSL - libxml2 - libxslt - Login Window - OpenSSL - QuickTime - Safari Login AutoFill - Sandbox Profiles Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id92496
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92496
    titleMac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3602.NASL
    descriptionSeveral vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more information : - https://php.net/ChangeLog-5.php#5.6.21 - https://php.net/ChangeLog-5.php#5.6.22
    last seen2020-06-01
    modified2020-06-02
    plugin id91615
    published2016-06-15
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91615
    titleDebian DSA-3602-1 : php5 - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-65F1FFDC0C.NASL
    description26 May 2016, **PHP 5.6.22** **Core:** - Fixed bug #72172 (zend_hex_strtod should not use strlen). (bwitz at hotmail dot com ) - Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (Stas) - Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas) **GD:** - Fixed bug #72227 (imagescale out-of-bounds read). (Stas) **Intl:** - Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol) - Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas) **Postgres:** - Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92104
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92104
    titleFedora 22 : php (2016-65f1ffdc0c)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-706.NASL
    descriptionThe following security-related issues were resolved : Out-of-bounds read in imagescale (CVE-2013-7456) Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096) Integer overflow in php_html_entities() (CVE-2016-5094) Integer overflow in php_filter_full_special_chars() (CVE-2016-5095) Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093) (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)
    last seen2020-06-01
    modified2020-06-02
    plugin id91465
    published2016-06-06
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91465
    titleAmazon Linux AMI : php56 (ALAS-2016-706)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-148-03.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91355
    published2016-05-31
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91355
    titleSlackware 14.0 / 14.1 / current : php (SSA:2016-148-03)
  • NASL familyCGI abuses
    NASL idPHP_5_6_22.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.22. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the _gdContributionsCalc() function within file ext/gd/libgd/gd_interpolation.c. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2013-7456) - An out-of-bounds read error exists in the get_icu_value_internal() function within file ext/intl/locale/locale_methods.c due to improper handling of user-supplied input. An unauthenticated, remote attacker can exploit this to disclose sensitive information or crash the process linked against the library. (CVE-2016-5093) - An integer overflow condition exists in the php_html_entities() and php_filter_full_special_chars() functions within file ext/standard/html.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5094) - An integer underflow condition exists in file ext/standard/file.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a NULL write, resulting in crashing the process linked against the library. (CVE-2016-5096) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91442
    published2016-06-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91442
    titlePHP 5.6.x < 5.6.22 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1581-1.NASL
    descriptionThis update for php53 fixes the following issues : - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010) - CVE-2016-5094,CVE-2016-5095: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id91665
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91665
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2016-004.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php (affects 10.10.5 only) - CoreGraphics - ImageIO - libxml2 - libxslt Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id92497
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92497
    titleMac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-533.NASL
    description - CVE-2016-5093.patch Absence of null character causes unexpected zend_string length and leaks heap memory. The test script uses locale_get_primary_language to reach get_icu_value_internal but there are some other functions that also trigger this issue: locale_canonicalize, locale_filter_matches, locale_lookup, locale_parse - CVE-2016-5094.patch don
    last seen2020-03-17
    modified2016-07-01
    plugin id91900
    published2016-07-01
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91900
    titleDebian DLA-533-1 : php5 security update
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL51390683.NASL
    descriptionCVE-2016-5094 Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.
    last seen2020-06-01
    modified2020-06-02
    plugin id92708
    published2016-08-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92708
    titleF5 Networks BIG-IP : PHP vulnerabilities (K51390683)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)

Redhat

advisories
rhsa
idRHSA-2016:2750
rpms
  • rh-php56-0:2.3-1.el6
  • rh-php56-0:2.3-1.el7
  • rh-php56-php-0:5.6.25-1.el6
  • rh-php56-php-0:5.6.25-1.el7
  • rh-php56-php-bcmath-0:5.6.25-1.el6
  • rh-php56-php-bcmath-0:5.6.25-1.el7
  • rh-php56-php-cli-0:5.6.25-1.el6
  • rh-php56-php-cli-0:5.6.25-1.el7
  • rh-php56-php-common-0:5.6.25-1.el6
  • rh-php56-php-common-0:5.6.25-1.el7
  • rh-php56-php-dba-0:5.6.25-1.el6
  • rh-php56-php-dba-0:5.6.25-1.el7
  • rh-php56-php-dbg-0:5.6.25-1.el6
  • rh-php56-php-dbg-0:5.6.25-1.el7
  • rh-php56-php-debuginfo-0:5.6.25-1.el6
  • rh-php56-php-debuginfo-0:5.6.25-1.el7
  • rh-php56-php-devel-0:5.6.25-1.el6
  • rh-php56-php-devel-0:5.6.25-1.el7
  • rh-php56-php-embedded-0:5.6.25-1.el6
  • rh-php56-php-embedded-0:5.6.25-1.el7
  • rh-php56-php-enchant-0:5.6.25-1.el6
  • rh-php56-php-enchant-0:5.6.25-1.el7
  • rh-php56-php-fpm-0:5.6.25-1.el6
  • rh-php56-php-fpm-0:5.6.25-1.el7
  • rh-php56-php-gd-0:5.6.25-1.el6
  • rh-php56-php-gd-0:5.6.25-1.el7
  • rh-php56-php-gmp-0:5.6.25-1.el6
  • rh-php56-php-gmp-0:5.6.25-1.el7
  • rh-php56-php-imap-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el7
  • rh-php56-php-ldap-0:5.6.25-1.el6
  • rh-php56-php-ldap-0:5.6.25-1.el7
  • rh-php56-php-mbstring-0:5.6.25-1.el6
  • rh-php56-php-mbstring-0:5.6.25-1.el7
  • rh-php56-php-mysqlnd-0:5.6.25-1.el6
  • rh-php56-php-mysqlnd-0:5.6.25-1.el7
  • rh-php56-php-odbc-0:5.6.25-1.el6
  • rh-php56-php-odbc-0:5.6.25-1.el7
  • rh-php56-php-opcache-0:5.6.25-1.el6
  • rh-php56-php-opcache-0:5.6.25-1.el7
  • rh-php56-php-pdo-0:5.6.25-1.el6
  • rh-php56-php-pdo-0:5.6.25-1.el7
  • rh-php56-php-pear-1:1.9.5-4.el6
  • rh-php56-php-pear-1:1.9.5-4.el7
  • rh-php56-php-pgsql-0:5.6.25-1.el6
  • rh-php56-php-pgsql-0:5.6.25-1.el7
  • rh-php56-php-process-0:5.6.25-1.el6
  • rh-php56-php-process-0:5.6.25-1.el7
  • rh-php56-php-pspell-0:5.6.25-1.el6
  • rh-php56-php-pspell-0:5.6.25-1.el7
  • rh-php56-php-recode-0:5.6.25-1.el6
  • rh-php56-php-recode-0:5.6.25-1.el7
  • rh-php56-php-snmp-0:5.6.25-1.el6
  • rh-php56-php-snmp-0:5.6.25-1.el7
  • rh-php56-php-soap-0:5.6.25-1.el6
  • rh-php56-php-soap-0:5.6.25-1.el7
  • rh-php56-php-tidy-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el7
  • rh-php56-php-xmlrpc-0:5.6.25-1.el6
  • rh-php56-php-xmlrpc-0:5.6.25-1.el7
  • rh-php56-runtime-0:2.3-1.el6
  • rh-php56-runtime-0:2.3-1.el7
  • rh-php56-scldevel-0:2.3-1.el6
  • rh-php56-scldevel-0:2.3-1.el7