ID CVE-2016-5768
Summary Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
References
Vulnerable Configurations
  • PHP 5.6.0 alpha1
    cpe:2.3:a:php:php:5.6.0:alpha1
  • PHP 5.6.0 alpha2
    cpe:2.3:a:php:php:5.6.0:alpha2
  • PHP 5.6.0 alpha3
    cpe:2.3:a:php:php:5.6.0:alpha3
  • PHP 5.6.0 alpha4
    cpe:2.3:a:php:php:5.6.0:alpha4
  • PHP 5.6.0 alpha5
    cpe:2.3:a:php:php:5.6.0:alpha5
  • PHP 5.6.0 beta1
    cpe:2.3:a:php:php:5.6.0:beta1
  • PHP 5.6.0 beta2
    cpe:2.3:a:php:php:5.6.0:beta2
  • PHP 5.6.0 beta3
    cpe:2.3:a:php:php:5.6.0:beta3
  • PHP 5.6.0 beta4
    cpe:2.3:a:php:php:5.6.0:beta4
  • PHP PHP 5.6.1
    cpe:2.3:a:php:php:5.6.1
  • PHP 7.0.0
    cpe:2.3:a:php:php:7.0.0
  • PHP 7.0.1
    cpe:2.3:a:php:php:7.0.1
  • PHP 7.0.2
    cpe:2.3:a:php:php:7.0.2
  • PHP 7.0.3
    cpe:2.3:a:php:php:7.0.3
  • PHP 7.0.4
    cpe:2.3:a:php:php:7.0.4
  • PHP 7.0.5
    cpe:2.3:a:php:php:7.0.5
  • PHP 7.0.6
    cpe:2.3:a:php:php:7.0.6
  • PHP 7.0.7
    cpe:2.3:a:php:php:7.0.7
  • PHP PHP 5.6.10
    cpe:2.3:a:php:php:5.6.10
  • PHP PHP 5.6.11
    cpe:2.3:a:php:php:5.6.11
  • PHP PHP 5.6.12
    cpe:2.3:a:php:php:5.6.12
  • PHP PHP 5.6.13
    cpe:2.3:a:php:php:5.6.13
  • PHP 5.6.14
    cpe:2.3:a:php:php:5.6.14
  • PHP 5.6.15
    cpe:2.3:a:php:php:5.6.15
  • PHP 5.6.16
    cpe:2.3:a:php:php:5.6.16
  • PHP 5.6.17
    cpe:2.3:a:php:php:5.6.17
  • PHP 5.6.18
    cpe:2.3:a:php:php:5.6.18
  • PHP 5.6.19
    cpe:2.3:a:php:php:5.6.19
  • PHP 5.6.2
    cpe:2.3:a:php:php:5.6.2
  • PHP 5.6.20
    cpe:2.3:a:php:php:5.6.20
  • PHP 5.6.21
    cpe:2.3:a:php:php:5.6.21
  • PHP 5.6.22
    cpe:2.3:a:php:php:5.6.22
  • PHP 5.6.3
    cpe:2.3:a:php:php:5.6.3
  • PHP 5.6.4
    cpe:2.3:a:php:php:5.6.4
  • PHP 5.6.5
    cpe:2.3:a:php:php:5.6.5
  • PHP 5.6.6
    cpe:2.3:a:php:php:5.6.6
  • PHP 5.6.7
    cpe:2.3:a:php:php:5.6.7
  • PHP PHP 5.6.8
    cpe:2.3:a:php:php:5.6.8
  • PHP PHP 5.6.9
    cpe:2.3:a:php:php:5.6.9
  • PHP 5.5.36
    cpe:2.3:a:php:php:5.5.36
CVSS
Base: 7.5 (as of 09-08-2016 - 15:59)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
redhat via4
advisories
bugzilla
id 1358395
title CVE-2016-5399 php: Improper error handling in bzread()
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment php is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598021
      • comment php is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195006
    • AND
      • comment php-bcmath is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598051
      • comment php-bcmath is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195048
    • AND
      • comment php-cli is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598013
      • comment php-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195044
    • AND
      • comment php-common is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598043
      • comment php-common is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195010
    • AND
      • comment php-dba is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598015
      • comment php-dba is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195054
    • AND
      • comment php-devel is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598017
      • comment php-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195032
    • AND
      • comment php-embedded is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598005
      • comment php-embedded is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195038
    • AND
      • comment php-enchant is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598007
      • comment php-enchant is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195026
    • AND
      • comment php-fpm is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598039
      • comment php-fpm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20130514036
    • AND
      • comment php-gd is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598023
      • comment php-gd is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195056
    • AND
      • comment php-intl is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598031
      • comment php-intl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195030
    • AND
      • comment php-ldap is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598033
      • comment php-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195046
    • AND
      • comment php-mbstring is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598019
      • comment php-mbstring is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195042
    • AND
      • comment php-mysql is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598027
      • comment php-mysql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195008
    • AND
      • comment php-mysqlnd is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598035
      • comment php-mysqlnd is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141013028
    • AND
      • comment php-odbc is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598047
      • comment php-odbc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195020
    • AND
      • comment php-pdo is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598049
      • comment php-pdo is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195018
    • AND
      • comment php-pgsql is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598045
      • comment php-pgsql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195014
    • AND
      • comment php-process is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598011
      • comment php-process is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195016
    • AND
      • comment php-pspell is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598009
      • comment php-pspell is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195028
    • AND
      • comment php-recode is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598029
      • comment php-recode is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195050
    • AND
      • comment php-snmp is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598025
      • comment php-snmp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195036
    • AND
      • comment php-soap is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598041
      • comment php-soap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195024
    • AND
      • comment php-xml is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598037
      • comment php-xml is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195022
    • AND
      • comment php-xmlrpc is earlier than 0:5.4.16-42.el7
        oval oval:com.redhat.rhsa:tst:20162598053
      • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110195052
rhsa
id RHSA-2016:2598
released 2016-11-03
severity Moderate
title RHSA-2016:2598: php security and bug fix update (Moderate)
rpms
  • php-0:5.4.16-42.el7
  • php-bcmath-0:5.4.16-42.el7
  • php-cli-0:5.4.16-42.el7
  • php-common-0:5.4.16-42.el7
  • php-dba-0:5.4.16-42.el7
  • php-devel-0:5.4.16-42.el7
  • php-embedded-0:5.4.16-42.el7
  • php-enchant-0:5.4.16-42.el7
  • php-fpm-0:5.4.16-42.el7
  • php-gd-0:5.4.16-42.el7
  • php-intl-0:5.4.16-42.el7
  • php-ldap-0:5.4.16-42.el7
  • php-mbstring-0:5.4.16-42.el7
  • php-mysql-0:5.4.16-42.el7
  • php-mysqlnd-0:5.4.16-42.el7
  • php-odbc-0:5.4.16-42.el7
  • php-pdo-0:5.4.16-42.el7
  • php-pgsql-0:5.4.16-42.el7
  • php-process-0:5.4.16-42.el7
  • php-pspell-0:5.4.16-42.el7
  • php-recode-0:5.4.16-42.el7
  • php-snmp-0:5.4.16-42.el7
  • php-soap-0:5.4.16-42.el7
  • php-xml-0:5.4.16-42.el7
  • php-xmlrpc-0:5.4.16-42.el7
refmap via4
apple APPLE-SA-2016-09-20
bid 91396
confirm
debian DSA-3618
mlist [oss-security] 20160623 Re: CVE for PHP 5.5.37 issues
suse
  • openSUSE-SU-2016:1761
  • openSUSE-SU-2016:1922
Last major update 28-11-2016 - 15:29
Published 07-08-2016 - 06:59
Back to Top