CVE-2016-5399

Published: Apr 21, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

92051

vdb-entry

x_refsource_BID

http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html

x_refsource_MISC

20160725 CVE-2016-5399: php: out-of-bounds write in bzread()

mailing-list

x_refsource_FULLDISC

https://bugzilla.redhat.com/show_bug.cgi?id=1358395

x_refsource_CONFIRM

[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()

mailing-list

x_refsource_MLIST

20160721 CVE-2016-5399: php: out-of-bounds write in bzread()

mailing-list

x_refsource_BUGTRAQ

https://bugs.php.net/bug.php?id=72613

x_refsource_CONFIRM

RHSA-2016:2750

vendor-advisory

x_refsource_REDHAT

RHSA-2016:2598

vendor-advisory

x_refsource_REDHAT

http://php.net/ChangeLog-5.php

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20180112-0001/

x_refsource_CONFIRM

1036430

vdb-entry

x_refsource_SECTRACK

DSA-3631

vendor-advisory

x_refsource_DEBIAN

http://php.net/ChangeLog-7.php

x_refsource_CONFIRM

40155

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-5399

Description

Affected Products

References