Lucene search

[email protected]NVD:CVE-2016-4073

HistoryMay 20, 2016 - 11:00 a.m.

CVE-2016-4073

2016-05-2011:00:18

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.047

Percentile

92.8%

JSON

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Affected configurations

Nvd

Node

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.5.24

phpphpMatch5.5.25

phpphpMatch5.5.26

phpphpMatch5.5.27

phpphpMatch5.5.29

phpphpMatch5.5.30

phpphpMatch5.5.32

phpphpMatch5.5.33

phpphpMatch5.6.0

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

phpphpMatch5.6.8

phpphpMatch5.6.9

phpphpMatch5.6.10

phpphpMatch5.6.11

phpphpMatch5.6.12

phpphpMatch5.6.13

phpphpMatch5.6.14

phpphpMatch5.6.15

phpphpMatch5.6.16

phpphpMatch5.6.17

phpphpMatch5.6.18

phpphpMatch5.6.19

phpphpMatch7.0.0

phpphpMatch7.0.1

phpphpMatch7.0.2

phpphpMatch7.0.3

phpphpMatch7.0.4

Node

applemac_os_xRange≤10.11.3

References

lists.apple.com/archives/security-announce/2016/May/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html

rhn.redhat.com/errata/RHSA-2016-2750.html

www.debian.org/security/2016/dsa-3560

www.openwall.com/lists/oss-security/2016/04/24/1

www.php.net/ChangeLog-5.php

www.php.net/ChangeLog-7.php

www.securityfocus.com/bid/85991

www.ubuntu.com/usn/USN-2952-1

www.ubuntu.com/usn/USN-2952-2

bugs.php.net/bug.php?id=71906

gist.github.com/smalyshev/d8355c96a657cc5dba70

git.php.net/?p=php-src.git%3Ba=commit%3Bh=64f42c73efc58e88671ad76b6b6bc8e2b62713e1

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

security.gentoo.org/glsa/201611-22

support.apple.com/HT206567

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.047

Percentile

92.8%

JSON

Related for NVD:CVE-2016-4073

f51 nessus26 cvelist1 cve1 prion1 debiancve1 ubuntucve1 veracode58 openvas18 suse5 debian3 amazon1 osv1 ubuntu1 gentoo1 apple2 cloudlinux1 redhat1