CVE-2016-4342

Published on: 05/21/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Leap from Opensuse contain the following vulnerability:

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.

  • CVE-2016-4342 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 8.3 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL COMPLETE

CVE References

Description Tags Link
openSUSE-SU-2016:1357-1: moderate: Security update for php5 lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1357
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
PHP 'ext/phar/phar_object.c' Heap Buffer Overflow Vulnerability cve.report (archive)
text/html
URL Logo BID 89154
PHP: PHP 7 ChangeLog php.net
text/html
URL Logo CONFIRM php.net/ChangeLog-7.php
PHP :: Sec Bug #71354 :: Heap corruption in tar/zip/phar parser. bugs.php.net
text/html
URL Logo CONFIRM bugs.php.net/bug.php?id=71354
oss-security - [CVE Requests] PHP issues Exploit
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160428 [CVE Requests] PHP issues
openSUSE-SU-2016:1524-1: moderate: Security update for php5 lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1524
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2750
PHP: PHP 5 ChangeLog php.net
text/html
URL Logo CONFIRM php.net/ChangeLog-5.php

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
OpensuseLeap42.1AllAllAll
Operating
System
OpensuseLeap42.1AllAllAll
ApplicationPhpPhp5.6.0AllAllAll
ApplicationPhpPhp5.6.1AllAllAll
ApplicationPhpPhp5.6.10AllAllAll
ApplicationPhpPhp5.6.11AllAllAll
ApplicationPhpPhp5.6.12AllAllAll
ApplicationPhpPhp5.6.13AllAllAll
ApplicationPhpPhp5.6.14AllAllAll
ApplicationPhpPhp5.6.15AllAllAll
ApplicationPhpPhp5.6.16AllAllAll
ApplicationPhpPhp5.6.17AllAllAll
ApplicationPhpPhp5.6.2AllAllAll
ApplicationPhpPhp5.6.3AllAllAll
ApplicationPhpPhp5.6.4AllAllAll
ApplicationPhpPhp5.6.5AllAllAll
ApplicationPhpPhp5.6.6AllAllAll
ApplicationPhpPhp5.6.7AllAllAll
ApplicationPhpPhp5.6.8AllAllAll
ApplicationPhpPhp5.6.9AllAllAll
ApplicationPhpPhp7.0.0AllAllAll
ApplicationPhpPhp7.0.1AllAllAll
ApplicationPhpPhp7.0.2AllAllAll
ApplicationPhpPhp5.6.0AllAllAll
ApplicationPhpPhp5.6.1AllAllAll
ApplicationPhpPhp5.6.10AllAllAll
ApplicationPhpPhp5.6.11AllAllAll
ApplicationPhpPhp5.6.12AllAllAll
ApplicationPhpPhp5.6.13AllAllAll
ApplicationPhpPhp5.6.14AllAllAll
ApplicationPhpPhp5.6.15AllAllAll
ApplicationPhpPhp5.6.16AllAllAll
ApplicationPhpPhp5.6.17AllAllAll
ApplicationPhpPhp5.6.2AllAllAll
ApplicationPhpPhp5.6.3AllAllAll
ApplicationPhpPhp5.6.4AllAllAll
ApplicationPhpPhp5.6.5AllAllAll
ApplicationPhpPhp5.6.6AllAllAll
ApplicationPhpPhp5.6.7AllAllAll
ApplicationPhpPhp5.6.8AllAllAll
ApplicationPhpPhp5.6.9AllAllAll
ApplicationPhpPhp7.0.0AllAllAll
ApplicationPhpPhp7.0.1AllAllAll
ApplicationPhpPhp7.0.2AllAllAll
ApplicationPhpPhpAllAllAllAll
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*: