Lucene search

PRIOn knowledge basePRION:CVE-2016-3142

HistoryMar 31, 2016 - 4:59 p.m.

Out-of-bounds

2016-03-3116:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.114 Low

EPSS

Percentile

95.2%

JSON

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

CPENameOperatorVersion
mac_os_xle10.11.4
phpeq5.6.1
phpeq5.6.5
phpeq5.6.12
phpeq5.6.13
phpeq5.6.0
phpeq5.6.4
phpeq5.6.6
phpeq5.6.18
phpeq5.6.11

Name	Operator	Version
mac_os_x	le	10.11.4
php	eq	5.6.1
php	eq	5.6.5
php	eq	5.6.12
php	eq	5.6.13
php	eq	5.6.0
php	eq	5.6.4
php	eq	5.6.6
php	eq	5.6.18
php	eq	5.6.11

Rows per page:

1-10 of 211

References

lists.apple.com/archives/security-announce/2016/May/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html

rhn.redhat.com/errata/RHSA-2016-2750.html

www.securitytracker.com/id/1035255

www.ubuntu.com/usn/USN-2952-1

www.ubuntu.com/usn/USN-2952-2

bugs.php.net/bug.php?id=71498

git.php.net/?p=php-src.git%3Ba=commit%3Bh=a6fdc5bb27b20d889de0cd29318b3968aabb57bd

php.net/ChangeLog-5.php

support.apple.com/HT206567