CVE-2016-5399
Published: 22 July 2016
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Notes
| Author | Note |
|---|---|
| seth-arnold | PHP position seems to suggest they'll fix bzread() to ensure it conforms to the documented behaviour but they won't take any steps to 'safe' an improper use of API by applications. Since the API was apparently not honoured before I don't know how an application could be expected to be correct. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
precise |
Released
(5.3.10-1ubuntu3.24)
|
| trusty |
Released
(5.5.9+dfsg-1ubuntu4.19)
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Does not exist
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f3feddb5b45b5abd93abb1a95044b7e099d51c84 |
||
|
php7.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Released
(7.0.9)
|
|
| wily |
Does not exist
|
|
| xenial |
Released
(7.0.8-0ubuntu0.16.04.2)
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f3feddb5b45b5abd93abb1a95044b7e099d51c84 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |