CVE-2016-4070
Published on: 05/20/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of PHP contain the following vulnerability:
** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."
- CVE-2016-4070 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 5 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 - Apple Support | | support.apple.com text/html |
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 | | lists.apple.com text/html |
PHP 'php_raw_url_encode()' Function Integer Overflow Vulnerability | | cve.report (archive) text/html |
Document Display - HPE Support Center | | h20566.www2.hpe.com text/html |
USN-2952-2: PHP regression - Ubuntu | | www.ubuntu.com text/html |
[security-announce] openSUSE-SU-2016:1274-1: important: Security update | | lists.opensuse.org text/html |
Document Display - HPE Support Center | | h20566.www2.hpe.com text/html |
Document Display - HPE Support Center | | h20566.www2.hpe.com text/html |
208.43.231.11 Git - php-src.git/commit | | git.php.net text/xml |
[security-announce] SUSE-SU-2016:1277-1: important: Security update for | | lists.opensuse.org text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
oss-security - Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases | | www.openwall.com text/html |
USN-2952-1: PHP vulnerabilities - Ubuntu | | www.ubuntu.com text/html |
Debian -- Security Information -- DSA-3560-1 php5 | | www.debian.org text/html (Deprecated Link) |
PHP: PHP 7 ChangeLog | | www.php.net text/html |
PHP: PHP 5 ChangeLog | | www.php.net text/html |
PHP :: Sec Bug #71798 :: Integer Overflow in php_raw_url_encode | Exploit | bugs.php.net text/html |
[security-announce] openSUSE-SU-2016:1373-1: important: Security update | | lists.opensuse.org text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Php | Php | 5.6.0 | alpha1 | All | All |
Application | Php | Php | 5.6.0 | alpha2 | All | All |
Application | Php | Php | 5.6.0 | alpha3 | All | All |
Application | Php | Php | 5.6.0 | alpha4 | All | All |
Application | Php | Php | 5.6.0 | alpha5 | All | All |
Application | Php | Php | 5.6.0 | beta1 | All | All |
Application | Php | Php | 5.6.0 | beta2 | All | All |
Application | Php | Php | 5.6.0 | beta3 | All | All |
Application | Php | Php | 5.6.0 | beta4 | All | All |
Application | Php | Php | 5.6.1 | All | All | All |
Application | Php | Php | 5.6.10 | All | All | All |
Application | Php | Php | 5.6.11 | All | All | All |
Application | Php | Php | 5.6.12 | All | All | All |
Application | Php | Php | 5.6.13 | All | All | All |
Application | Php | Php | 5.6.14 | All | All | All |
Application | Php | Php | 5.6.15 | All | All | All |
Application | Php | Php | 5.6.16 | All | All | All |
Application | Php | Php | 5.6.17 | All | All | All |
Application | Php | Php | 5.6.18 | All | All | All |
Application | Php | Php | 5.6.19 | All | All | All |
Application | Php | Php | 5.6.2 | All | All | All |
Application | Php | Php | 5.6.3 | All | All | All |
Application | Php | Php | 5.6.4 | All | All | All |
Application | Php | Php | 5.6.5 | All | All | All |
Application | Php | Php | 5.6.6 | All | All | All |
Application | Php | Php | 5.6.7 | All | All | All |
Application | Php | Php | 5.6.8 | All | All | All |
Application | Php | Php | 5.6.9 | All | All | All |
Application | Php | Php | 7.0.0 | All | All | All |
Application | Php | Php | 7.0.1 | All | All | All |
Application | Php | Php | 7.0.2 | All | All | All |
Application | Php | Php | 7.0.3 | All | All | All |
Application | Php | Php | 7.0.4 | All | All | All |
Application | Php | Php | All | All | All | All |
- cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*:
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE