PT-2016-3401 · Php+2 · Php+2

Nguyenvuhoang199321

Published

2016-06-24

Updated

2022-07-20

CVE-2016-5772

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to a double free vulnerability in the php wddx process data function in the WDDX extension. This vulnerability can be exploited by remote attackers via crafted XML data that is mishandled in a wddx deserialize call, potentially leading to a denial of service (application crash) or possibly the execution of arbitrary code.

Recommendations For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Exploit

Fix

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2022-02539

CVE-2016-5772

DLA-628-1

DSA-3618-1

MGASA-2016-0238

OPENSUSE-SU-2016_1761-1

RHSA-2016:2750

SUSE-SU-2016:1842-1

SUSE-SU-2016:2013-1

SUSE-SU-2016:2080-1

USN-3045-1

Affected Products

Php

Suse

Ubuntu

PT-2016-3401 · Php+2 · Php+2

CVE-2016-5772

Weakness Enumeration

Related Identifiers

Affected Products

References · 181