Lucene search

K

[email protected]NVD:CVE-2016-4538

HistoryMay 22, 2016 - 1:59 a.m.

CVE-2016-4538

2016-05-2201:59:22

CWE-20

[email protected]

web.nvd.nist.gov

1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

Affected configurations

NVD

Node

phpphpRange≤5.5.33

OR

phpphpMatch5.6.0

OR

phpphpMatch5.6.1

OR

phpphpMatch5.6.2

OR

phpphpMatch5.6.3

OR

phpphpMatch5.6.4

OR

phpphpMatch5.6.5

OR

phpphpMatch5.6.6

OR

phpphpMatch5.6.7

OR

phpphpMatch5.6.8

OR

phpphpMatch5.6.9

OR

phpphpMatch5.6.10

OR

phpphpMatch5.6.11

OR

phpphpMatch5.6.12

OR

phpphpMatch5.6.13

OR

phpphpMatch5.6.14

OR

phpphpMatch5.6.15

OR

phpphpMatch5.6.16

OR

phpphpMatch5.6.17

OR

phpphpMatch5.6.18

OR

phpphpMatch5.6.19

OR

phpphpMatch5.6.20

OR

phpphpMatch7.0.0

OR

phpphpMatch7.0.1

OR

phpphpMatch7.0.2

OR

phpphpMatch7.0.3

OR

phpphpMatch7.0.4

OR

phpphpMatch7.0.5

Node

fedoraprojectfedoraMatch24

Node

opensuseleapMatch42.1

References

lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html

lists.opensuse.org/opensuse-updates/2016-05/msg00086.html

lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

rhn.redhat.com/errata/RHSA-2016-2750.html

www.debian.org/security/2016/dsa-3602

www.openwall.com/lists/oss-security/2016/05/05/21

www.securityfocus.com/bid/90173

bugs.php.net/bug.php?id=72093

git.php.net/?p=php-src.git%3Ba=commit%3Bh=d650063a0457aec56364e4005a636dc6c401f9cd

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

security.gentoo.org/glsa/201611-22

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

Related for NVD:CVE-2016-4538

cvelist1 cve1 prion1 debiancve1 f52 ubuntucve1 fedora2 nessus26 openvas15 debian3 ubuntu1 osv1 ibm1 suse2 gentoo1 veracode57 redhat1 rosalinux1