PT-2016-1608 · Php+2 · Php+2

Published

2016-03-31

Updated

2018-02-07

CVE-2016-3141

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.33 PHP versions 5.6.x prior to 5.6.19

Description The issue is related to a use-after-free vulnerability in the WDDX extension. This vulnerability can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly have other unspecified impacts. The exploitation occurs when a crafted var element in XML data triggers a wddx deserialize call.

Recommendations For PHP versions prior to 5.5.33, update to version 5.5.33 or later. For PHP versions 5.6.x prior to 5.6.19, update to version 5.6.19 or later. As a temporary workaround, consider disabling the wddx deserialize function until a patch is available.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2018-1138

BDU:2016-00909

CVE-2016-3141

DLA-818-1

OPENSUSE-SU-2016_1167-1

OPENSUSE-SU-2016_1173-1

RHSA-2016:2750

SUSE-SU-2016:1145-1

SUSE-SU-2016:1166-1

SUSE-SU-2016:1581-1

SUSE-SU-2016:1638-1

SUSE-SU-2016_1145-1

SUSE-SU-2016_1166-1

SUSE-SU-2016_1581-1

SUSE-SU-2016_1638-1

USN-2952-1

Affected Products

Php

Suse

Ubuntu

PT-2016-1608 · Php+2 · Php+2

CVE-2016-3141

Weakness Enumeration

Related Identifiers

Affected Products

References · 473