Lucene search

PRIOn knowledge basePRION:CVE-2016-3141

HistoryMar 31, 2016 - 4:59 p.m.

Design/Logic Flaw

2016-03-3116:59:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

CPENameOperatorVersion
mac_os_xle10.11.4
phpeq5.6.1
phpeq5.6.5
phpeq5.6.12
phpeq5.6.13
phpeq5.6.0
phpeq5.6.4
phpeq5.6.6
phpeq5.6.18
phpeq5.6.11

Name	Operator	Version
mac_os_x	le	10.11.4
php	eq	5.6.1
php	eq	5.6.5
php	eq	5.6.12
php	eq	5.6.13
php	eq	5.6.0
php	eq	5.6.4
php	eq	5.6.6
php	eq	5.6.18
php	eq	5.6.11

Rows per page:

1-10 of 211

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface

lists.apple.com/archives/security-announce/2016/May/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html

rhn.redhat.com/errata/RHSA-2016-2750.html

www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

www.securityfocus.com/bid/84271

www.securitytracker.com/id/1035255

www.ubuntu.com/usn/USN-2952-1

www.ubuntu.com/usn/USN-2952-2

bugs.php.net/bug.php?id=71587

php.net/ChangeLog-5.php

support.apple.com/HT206567