Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2016-10712HistoryFeb 09, 2018 - 6:29 a.m.
CVE-2016-10712
2018-02-0906:29:00
Debian Security Bug Tracker
security-tracker.debian.org
12
0.002 Low
EPSS
Percentile
56.6%
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a “$uri = stream_get_meta_data(fopen($file, “r”))[‘uri’]” call mishandles the case where $file is data:text/plain;uri=eviluri, – in other words, metadata can be set by an attacker.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | php7.0 | < 7.0.33-0+deb9u8 | php7.0_7.0.33-0+deb9u8_all.deb |
Related
nvd
nvd
CVE-2016-10712
2018-02-09 06:29:00
openvas
openvas
PHP 'stream_get_meta_data' Privilege Escalation Vulnerability - Linux
2018-02-20 00:00:00
PHP 'stream_get_meta_data' Privilege Escalation Vulnerability - Windows
2018-02-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0530-1)
2021-06-09 00:00:00
cve
cve
CVE-2016-10712
2018-02-09 06:29:00
f5
f5
K42143118 : PHP vulnerability CVE-2016-10712
2018-10-15 00:00:00
nessus
nessus
SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0530-1)
2019-01-02 00:00:00
openSUSE Security Update : php5 (openSUSE-2018-209)
2018-02-26 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3600-1)
2018-03-20 00:00:00
suse
suse
Security update for php5 (important)
2018-02-23 15:07:31
Security update for php5 (important)
2018-02-24 15:08:48
Security update for php53 (important)
2018-03-26 15:08:04
prion
prion
Design/Logic Flaw
2018-02-09 06:29:00
ubuntucve
ubuntucve
CVE-2016-10712
2018-02-09 00:00:00
osv
osv
CVE-2016-10712
2018-02-09 06:29:00
php5 - security update
2017-02-07 00:00:00
cvelist
cvelist
CVE-2016-10712
2018-02-09 06:00:00
ubuntu
ubuntu
PHP vulnerabilities
2018-03-19 00:00:00
PHP vulnerabilities
2019-05-22 00:00:00
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45