CVE-2016-6294 – php: Out-of-bounds access in locale_accept_from_http
https://notcve.org/view.php?id=CVE-2016-6294
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. La función locale_accept_from_http en ext/intl/locale/locale_methods.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 no restringe correctamente llamadas para la función ICU uloc_acceptLanguageFromHTTP, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una llamada con un argumento largo • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92115 http://www.securitytracker.com/id/1036430 https://bugs.php& • CWE-125: Out-of-bounds Read •
CVE-2016-6297 – php: Stack-based buffer overflow vulnerability in php_stream_zip_opener
https://notcve.org/view.php?id=CVE-2016-6297
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. Desbordamiento de entero en la función php_stream_zip_opener en ext/zip/zip_stream.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de entero basado en pila) o posiblemente tener otro impacto no especificado a través de una URL zip:// manipulada. • http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2016-6296 – php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c
https://notcve.org/view.php?id=CVE-2016-6296
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. Error de firma de entero en la función simplestring_addn en simplestring.c en xmlrpc-epi hasta la versión 0.54.2, tal como se utiliza en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de un primer argumento largo para la función xmlrpc_encode_request de PHP. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92095 http://www.securitytracker.com/id/1036430 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-6207 – php,gd: Integer overflow error within _gdContributionsAlloc()
https://notcve.org/view.php?id=CVE-2016-6207
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. Desbordamiento de entero en la función _gdContributionsAlloc en gd_interpolation.c en GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegación de servicio (escritura de memoria fuera de límites o consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3630 http://www.securityfocus.com/archive/1/539100/100/0/threaded http://www.securityfocus.com/bid/92080 http://www.securitytracker.com/id/1036535 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2016-5399 – PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. La función bzread en ext/bz2/bz2.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24, y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites) o ejecutar código arbitrario a través de un archivo bz2 manipulado. A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread(). • https://www.exploit-db.com/exploits/40155 http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://seclists.org/fulldisclosure/2016/Jul/72 http://www.debian.org/security/2016/dsa-3631 http://www.openwall.com/lists/oss-security/2016/07/21/1 http:/ • CWE-390: Detection of Error Condition Without Action CWE-787: Out-of-bounds Write •