CVE-2016-5768
php: Double free in _php_mb_regex_ereg_replace_exec
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
Vulnerabilidad de liberación doble en la función _php_mb_regex_ereg_replace_exec en php_mbregex.c en la extensión mbstring en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (caída de aplicación) mediante el aprovechamiento de una excepción de devolución de llamada.
A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-06-23 CVE Reserved
- 2016-06-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://github.com/php/php-src/commit/5b597a2e5b28e2d5a52fc1be13f425f08f47cb62?w=1 | X_refsource_confirm | |
| http://php.net/ChangeLog-7.php | Release Notes | |
| http://www.openwall.com/lists/oss-security/2016/06/23/4 | Mailing List |
|
| http://www.securityfocus.com/bid/91396 | Vdb Entry | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | X_refsource_confirm | |
| https://support.apple.com/HT207170 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=72402 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://php.net/ChangeLog-5.php | 2018-01-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | <= 5.5.36 Search vendor "Php" for product "Php" and version " <= 5.5.36" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | alpha5 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.0 Search vendor "Php" for product "Php" and version "5.6.0" | beta4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.1 Search vendor "Php" for product "Php" and version "5.6.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.2 Search vendor "Php" for product "Php" and version "5.6.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.3 Search vendor "Php" for product "Php" and version "5.6.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.4 Search vendor "Php" for product "Php" and version "5.6.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.5 Search vendor "Php" for product "Php" and version "5.6.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.6 Search vendor "Php" for product "Php" and version "5.6.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.7 Search vendor "Php" for product "Php" and version "5.6.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.8 Search vendor "Php" for product "Php" and version "5.6.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.9 Search vendor "Php" for product "Php" and version "5.6.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.10 Search vendor "Php" for product "Php" and version "5.6.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.11 Search vendor "Php" for product "Php" and version "5.6.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.12 Search vendor "Php" for product "Php" and version "5.6.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.13 Search vendor "Php" for product "Php" and version "5.6.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.14 Search vendor "Php" for product "Php" and version "5.6.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.15 Search vendor "Php" for product "Php" and version "5.6.15" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.16 Search vendor "Php" for product "Php" and version "5.6.16" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.17 Search vendor "Php" for product "Php" and version "5.6.17" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.18 Search vendor "Php" for product "Php" and version "5.6.18" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.19 Search vendor "Php" for product "Php" and version "5.6.19" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.20 Search vendor "Php" for product "Php" and version "5.6.20" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.21 Search vendor "Php" for product "Php" and version "5.6.21" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.6.22 Search vendor "Php" for product "Php" and version "5.6.22" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.0 Search vendor "Php" for product "Php" and version "7.0.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.1 Search vendor "Php" for product "Php" and version "7.0.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.2 Search vendor "Php" for product "Php" and version "7.0.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.3 Search vendor "Php" for product "Php" and version "7.0.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.4 Search vendor "Php" for product "Php" and version "7.0.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.5 Search vendor "Php" for product "Php" and version "7.0.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.6 Search vendor "Php" for product "Php" and version "7.0.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.7 Search vendor "Php" for product "Php" and version "7.0.7" | - |
Affected
| ||||||