CVE-2016-3141

EUVD-2016-4193
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
applemac_os_x
𝑥
≤ 10.11.4
phpphp
𝑥
≤ 5.5.32
phpphp
5.6.0
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.22
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.16
released
wily
Fixed 5.6.11+dfsg-1ubuntu3.2
released
php7.0
precise
dne
trusty
dne
wily
dne
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/84271
http://www.securitytracker.com/id/1035255
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
https://bugs.php.net/bug.php?id=71587
https://php.net/ChangeLog-5.php
https://support.apple.com/HT206567
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/84271
http://www.securitytracker.com/id/1035255
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
https://bugs.php.net/bug.php?id=71587
https://php.net/ChangeLog-5.php
https://support.apple.com/HT206567