PT-2017-2398 · Php+3 · Php+3

Eyal Itkin

Publicado

2017-01-24

Atualizado

2022-07-20

CVE-2016-10160

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.30 PHP versions 7.0.x prior to 7.0.15

Description The issue is related to an off-by-one error in the phar parse pharfile function. This error can be exploited by remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code. The exploitation is done via a crafted PHAR archive with an alias mismatch.

Recommendations For PHP versions prior to 5.6.30, update to version 5.6.30 or later. For PHP versions 7.0.x prior to 7.0.15, update to version 7.0.15 or later.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-193

Identificadores relacionados

ALT-PU-2017-1114

BDU:2017-01601

CVE-2016-10160

DLA-818-1

DSA-3783-1

MGASA-2017-0040

OPENSUSE-SU-2017_0588-1

RHSA-2018:1296

SUSE-SU-2017:0534-1

SUSE-SU-2017:0556-1

SUSE-SU-2017:0568-1

USN-3196-1

USN-3211-1

USN-3211-2

Produtos afetados

Alt Linux

Php

Suse

Ubuntu

PT-2017-2398 · Php+3 · Php+3

CVE-2016-10160

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 73