Page 23 of 208 results (0.009 seconds)

CVSS: 8.8EPSS: 3%CPEs: 23EXPL: 1

CVE-2016-4342 – php: use of uninitialized pointer in PharFileInfo::getContent

https://notcve.org/view.php?id=CVE-2016-4342

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. ext/phar/phar_object.c en PHP en versiones anteriores a 5.5.32, 5.6.x en versiones anteriores a 5.6.18 y 7.x en versiones anteriores a 7.0.3 no maneja correctamente los datos sin comprimir de longitud cero, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de la memoria dinámica) o posiblemente tener otro impacto no especificado a través de un archivo (1) TAR, (2) ZIP o (3) PHAR manipulado. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/28/2 http://www.securityfocus.com/bid/89154 https://bugs.php.net/bug.php?id=71354 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •

CVSS: 8.8EPSS: 29%CPEs: 4EXPL: 1

CVE-2016-4343 – php: Uninitialized pointer in phar_make_dirstream()

https://notcve.org/view.php?id=CVE-2016-4343

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. La función phar_make_dirstream en ext/phar/dirstream.c en PHP en versiones anteriores a 5.6.18 y 7.x en versiones anteriores a 7.0.3 no maneja correctamente archivos ././@LongLink de tamaño cero, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no inicializado) o posiblemente tener otro impacto no especificado a través de un archivo TAR manipulado. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/28/2 http://www.securityfocus.com/bid/89179 https://bugs.php.net/bug.php?id=71331 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDi • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •

CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 1

CVE-2016-4537 – php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

https://notcve.org/view.php?id=CVE-2016-4537

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. La función bcpowmod en ext/bcmath/bcmath.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 acepta un entero negativo para el argumento escala, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una llamada manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/90173 https:/ • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 1

CVE-2016-4538 – php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

https://notcve.org/view.php?id=CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. La función bcpowmod en ext/bcmath/bcmath.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 modifica ciertas estructuras de datos sin considerar si son copias de la variable global _zero_, _one_, o _two_, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una llamada manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/90173 https:/ • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 1

CVE-2016-4539 – php: xml_parse_into_struct() can crash when XML parser is re-used

https://notcve.org/view.php?id=CVE-2016-4539

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. La función xml_parse_into_struct en ext/xml/xml.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura debajo de buffer y fallo de segmentación) o posiblemente tener otro impacto no especificado a través de un dato XML manipulado en el argumento segundo, encabezando un analizador de nivel cero. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/90174 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •