CVE-2016-4540 – php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used
https://notcve.org/view.php?id=CVE-2016-4540
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
• http://php.net/ChangeLog-5.php
• http://php.net/ChangeLog-7.php
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://www.debian.org/security/2016/dsa-3602
• http://www.openwall.com/lists/oss-security/2016/05/05/21
• http://www.securityfocus.com/bid/90172
• https:/
• CWE-125: Out-of-bounds Read
CVE-2016-4343 – php: Uninitialized pointer in phar_make_dirstream()
https://notcve.org/view.php?id=CVE-2016-4343
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
• http://php.net/ChangeLog-5.php
• http://php.net/ChangeLog-7.php
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://www.openwall.com/lists/oss-security/2016/04/28/2
• http://www.securityfocus.com/bid/89179
• https://bugs.php.net/bug.php?id=71331
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDi
• CWE-456: Missing Initialization of a Variable
• CWE-824: Access of Uninitialized Pointer
CVE-2016-4342 – php: use of uninitialized pointer in PharFileInfo::getContent
https://notcve.org/view.php?id=CVE-2016-4342
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
• http://php.net/ChangeLog-5.php
• http://php.net/ChangeLog-7.php
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://www.openwall.com/lists/oss-security/2016/04/28/2
• http://www.securityfocus.com/bid/89154
• https://bugs.php.net/bug.php?id=71354
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-665: Improper Initialization
CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads
https://notcve.org/view.php?id=CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://www.openwall.com/lists/oss-security/2016/04/24/1
• http://www.php.net/ChangeLog-5.php
• http://www.securityfocus.com/bid/
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2016-4344
https://notcve.org/view.php?id=CVE-2016-4344
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.
• http://php.net/ChangeLog-7.php
• http://www.openwall.com/lists/oss-security/2016/04/28/2
• https://bugs.php.net/bug.php?id=71637
• CWE-190: Integer Overflow or Wraparound