Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2016-7418

UNKNOWN
Published 2016-09-17T21:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2016-7418. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8mcg-f54r-6x9w

Advisory Details

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-7418
WEB https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
WEB https://access.redhat.com/errata/RHSA-2018:1296
WEB https://bugs.php.net/bug.php?id=73065
WEB https://security.gentoo.org/glsa/201611-22
WEB https://www.tenable.com/security/tns-2016-19
WEB http://www.openwall.com/lists/oss-security/2016/09/15/10
WEB http://www.php.net/ChangeLog-5.php
WEB http://www.php.net/ChangeLog-7.php
WEB http://www.securityfocus.com/bid/93011
WEB http://www.securitytracker.com/id/1036836

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: May 14, 2022

References

https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
http://www.php.net/ChangeLog-7.php
https://security.gentoo.org/glsa/201611-22
http://www.securitytracker.com/id/1036836
http://www.openwall.com/lists/oss-security/2016/09/15/10
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securityfocus.com/bid/93011
http://www.php.net/ChangeLog-5.php
https://www.tenable.com/security/tns-2016-19
https://bugs.php.net/bug.php?id=73065

HackerOne Reports

CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element None
binvul
Internet Bug Bounty
Memory Corruption - Generic
View Report
Published: 2016-09-17T21:00:00
Last Modified: 2024-08-06T01:57:47.486Z
Copied to clipboard!