CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.6%
The specific version of PHP that the system is running is reportedly affected by the following vulnerabilities:
PHP contains an integer overflow condition in the json_decode() and json_utf8_to_utf16() functions in ext/standard/php_smart_str.h. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, causing a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code.
PHP contains an out-of-bounds read flaw in the pass2_no_dither() function in ext/gd/libgd/gd_topal.c that may allow a remote attacker to crash a process utilizing PHP or potentially disclose memory contents.
PHP contains an integer overflow condition in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling string lengths. This may allow a remote attacker to have an unspecified impact.
PHP contains a double-free flaw in the _php_mb_regex_ereg_replace_exec() function in ext/mbstring/php_mbregex.c that is triggered when handling a failed callback execution. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5768)
PHP contains a NULL pointer dereference flaw in the _gdScaleVert() function in ext/gd/libgd/gd_interpolation.c that is triggered during the handling of _gdContributionsCalc return values. This may allow a remote attacker to cause a denial of service in a process linked against PHP.
PHP contains an integer overflow condition in ext/spl/spl_directory.c. The issue is triggered by an int/size_t confusion issue. This may allow a remote attacker to have an unspecified impact. (CVE-2016-5770)
PHP contains an integer overflow condition in ext/mcrypt/mcrypt.c. The issue is triggered as user-supplied input is not properly validated when handling data values. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5769)
PHP contains an integer overflow condition in the nl2br() function in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling new_length values. This may allow a remote attacker to have an unspecified impact.
PHP contains an integer overflow condition in multiple functions in ext/standard/string.c. The issue is triggered as user-supplied input is not properly validated when handling string values. This may allow a remote attacker to have an unspecified impact.
PHP contains a double-free flaw in the php_wddx_process_data() function in ext/wddx/wddx.c that is triggered during the handling of specially crafted XML content. This may allow a remote attacker to potentially execute arbitrary code. (CVE-2016-5772)
PHP contains an integer overflow condition in the gdImagePaletteToTrueColor() function in ext/gd/libgd/gd.c. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5767)
PHP contains an invalid free flaw in the phar_extract_file() function in ext/phar/phar_object.c. This may allow a remote attacker to have an unspecified impact. (CVE-2016-4473)
PHP contains an integer overflow condition in the _gd2GetHeader() function in ext/gd/libgd/gd_gd2.c. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against PHP or potentially allowing the execution of arbitrary code. (CVE-2016-5766)
Binary data 802010.prm
community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-0/ba-p/1643332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00039.html
php.net/ChangeLog-5.php#5.5.37
php.net/ChangeLog-5.php#5.6.23
php.net/ChangeLog-7.php#7.0.8
seclists.org/bugtraq/2016/Jul/68
seclists.org/oss-sec/2016/q2/587
www.php.net/
www.ubuntu.com/usn/usn-3030-1/
www.ubuntu.com/usn/usn-3045-1/
bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014
bugs.php.net/bug.php?id=72262
bugs.php.net/bug.php?id=72268
bugs.php.net/bug.php?id=72275
bugs.php.net/bug.php?id=72298
bugs.php.net/bug.php?id=72321
bugs.php.net/bug.php?id=72339
bugs.php.net/bug.php?id=72340
bugs.php.net/bug.php?id=72400
bugs.php.net/bug.php?id=72402
bugs.php.net/bug.php?id=72403
bugs.php.net/bug.php?id=72407
bugs.php.net/bug.php?id=72446
bugs.php.net/bug.php?id=72455
bugs.php.net/bug.php?id=72782
security-tracker.debian.org/tracker/CVE-2016-5766
www.debian.org/security/2016/dsa-3619
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.6%