CVE-2016-5399

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html Exploit Third Party Advisory VDB Entry
http://php.net/ChangeLog-5.php Release Notes Vendor Advisory
http://php.net/ChangeLog-7.php Release Notes Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2598.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2750.html Third Party Advisory
http://seclists.org/fulldisclosure/2016/Jul/72 Exploit Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3631 Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/21/1 Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/538966/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/92051 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036430 Third Party Advisory VDB Entry
https://bugs.php.net/bug.php?id=72613 Exploit Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1358395 Issue Tracking Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20180112-0001/ Third Party Advisory
https://www.exploit-db.com/exploits/40155/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
History

12 Feb 2023, 23:23

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2016:2598', 'name': 'https://access.redhat.com/errata/RHSA-2016:2598', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2016-5399', 'name': 'https://access.redhat.com/security/cve/CVE-2016-5399', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2016:2750', 'name': 'https://access.redhat.com/errata/RHSA-2016:2750', 'tags': [], 'refsource': 'MISC'}
Summary A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

02 Feb 2023, 21:17

Type Values Removed Values Added
Summary The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.
References
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2598 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2016-5399 -
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2750 -

16 Aug 2022, 13:16

Type Values Removed Values Added
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2598.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2598.html - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2750.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2750.html - Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/538966/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/538966/100/0/threaded - Third Party Advisory, VDB Entry
References (DEBIAN) http://www.debian.org/security/2016/dsa-3631 - (DEBIAN) http://www.debian.org/security/2016/dsa-3631 - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20180112-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20180112-0001/ - Third Party Advisory
CPE cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
Information

Published : 2017-04-21 20:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-5399

Mitre link : CVE-2016-5399

CVE.ORG link : CVE-2016-5399

JSON object : View

Products Affected

php

  • php
CWE
CWE-787

Out-of-bounds Write