CVE-2016-7398
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
Una vulnerabilidad de confusión de tipo en la función merge_param() del archivo php_http_params.c en la extensión pecl-http de PHP versión 3.1.0beta2 (PHP 7) y anteriores, así como también versión 2.6.0beta2 (PHP 5) y anteriores, permite a atacantes bloquear PHP y posiblemente ejecutar código arbitrario por medio de peticiones HTTP creadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-09-09 CVE Reserved
- 2019-09-06 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-704: Incorrect Type Conversion or Cast
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=73055 | 2024-08-06 | |
| https://bugs.php.net/bug.php?id=73055&edit=1 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83 | 2019-09-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | <= 2.5.6 Search vendor "Php" for product "Ext-http" and version " <= 2.5.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | >= 3.0.0 <= 3.0.1 Search vendor "Php" for product "Ext-http" and version " >= 3.0.0 <= 3.0.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 2.6.0 Search vendor "Php" for product "Ext-http" and version "2.6.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 2.6.0 Search vendor "Php" for product "Ext-http" and version "2.6.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 2.6.0 Search vendor "Php" for product "Ext-http" and version "2.6.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 2.6.0 Search vendor "Php" for product "Ext-http" and version "2.6.0" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 3.1.0 Search vendor "Php" for product "Ext-http" and version "3.1.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 3.1.0 Search vendor "Php" for product "Ext-http" and version "3.1.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 3.1.0 Search vendor "Php" for product "Ext-http" and version "3.1.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Ext-http Search vendor "Php" for product "Ext-http" | 3.1.0 Search vendor "Php" for product "Ext-http" and version "3.1.0" | rc1 |
Affected
| ||||||