CVE-2016-4343
php: Uninitialized pointer in phar_make_dirstream()
Public Exploits: 1
Exploited in Wild: -
Descriptions
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
SSVC
- Decision: -
Timeline
- 2016-04-28 CVE Reserved
- 2016-05-22 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-456: Missing Initialization of a Variable
- CWE-824: Access of Uninitialized Pointer
References (12)
URL | Tag |
---|---|
http://www.openwall.com/lists/oss-security/2016/04/28/2 | Mailing List |
http://www.securityfocus.com/bid/89179 | Third Party Advisory |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 | Third Party Advisory |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 | Third Party Advisory |

URL | Date |
---|---|
https://bugs.php.net/bug.php?id=71331 | 2024-08-06 |

URL | Date |
---|---|
http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html | 2022-07-20 |
http://php.net/ChangeLog-5.php | 2022-07-20 |
http://php.net/ChangeLog-7.php | 2022-07-20 |
http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2022-07-20 |
https://access.redhat.com/security/cve/CVE-2016-4343 | 2016-11-15 |
https://bugzilla.redhat.com/show_bug.cgi?id=1332454 | 2016-11-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Php | Php | < 5.5.36 | - | Affected |
Php | Php | >= 5.6.0 < 5.6.18 | - | Affected |
Php | Php | >= 7.0.0 < 7.0.3 | - | Affected |
Opensuse | Opensuse | 13.2 | - | Affected |