CVE-2016-5114
php: out-of-bounds write in fpm_log.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.
sapi/fpm/fpm/fpm_log.c en PHP en versiones anteriores a 5.5.31, 5.6.x en versiones anteriores a 5.6.17 y 7.x en versiones anteriores a 7.0.2 malinterpreta la semántica del valor de retorno snprinfg, lo que permite a atacantes remotos obtener información sensible del proceso de memoria o provocar una denegación de servicio (lectura fuera de rango y desbordamiento de búfer) a través de una cadena larga, como se demuestra por una URl larga en una configuración con inicio de sesión REQUEST_URI personalizado.
An out-of-bounds write flaw was found in the fpm_log_write() logging function of PHP's FastCGI Process Manager service. A remote attacker could repeatedly send maliciously crafted requests to force FPM to exhaust file system space, creating a denial of service and preventing further logging.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-05-28 CVE Reserved
- 2016-08-02 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://github.com/php/php-src/commit/2721a0148649e07ed74468f097a28899741eb58f?w=1 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2016/05/29/1 | Mailing List |
|
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=70755 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://php.net/ChangeLog-5.php | 2018-01-05 | |
| http://php.net/ChangeLog-7.php | 2018-01-05 | |
| http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine | 2018-01-05 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-5114 | 2016-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1297710 | 2016-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | <= 5.5.30 Search vendor "Php" for product "Php" and version " <= 5.5.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha5 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.1 Search vendor "Php" for product "Php" and version "5.6.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.2 Search vendor "Php" for product "Php" and version "5.6.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.3 Search vendor "Php" for product "Php" and version "5.6.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.4 Search vendor "Php" for product "Php" and version "5.6.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.5 Search vendor "Php" for product "Php" and version "5.6.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.6 Search vendor "Php" for product "Php" and version "5.6.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.7 Search vendor "Php" for product "Php" and version "5.6.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.8 Search vendor "Php" for product "Php" and version "5.6.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.9 Search vendor "Php" for product "Php" and version "5.6.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.10 Search vendor "Php" for product "Php" and version "5.6.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.11 Search vendor "Php" for product "Php" and version "5.6.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.12 Search vendor "Php" for product "Php" and version "5.6.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.13 Search vendor "Php" for product "Php" and version "5.6.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.14 Search vendor "Php" for product "Php" and version "5.6.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.15 Search vendor "Php" for product "Php" and version "5.6.15" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.16 Search vendor "Php" for product "Php" and version "5.6.16" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.0 Search vendor "Php" for product "Php" and version "7.0.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.1 Search vendor "Php" for product "Php" and version "7.0.1" | - |
Affected
| ||||||