PT-2016-3405 · Php+4 · Php+4

Shm

Publicado

2016-06-24

Atualizado

2018-01-05

CVE-2016-5768

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to a double free vulnerability in the mbstring extension of the PHP interpreter, specifically in the php mb regex ereg replace exec function. This vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service, resulting in an application crash. The exploitation is possible by leveraging a callback exception.

Recommendations For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Exploit

Correção

RCE

DoS

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

BDU:2022-02543

CESA-2016_2598

CVE-2016-5768

DLA-628-1

DSA-3618-1

MGASA-2016-0238

OPENSUSE-SU-2016_1761-1

RHSA-2016:2598

RHSA-2016:2750

RHSA-2016_2598

SUSE-SU-2016:1842-1

USN-3045-1

Produtos afetados

Centos

Php

Red Hat

Suse

Ubuntu

PT-2016-3405 · Php+4 · Php+4

CVE-2016-5768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 175