CVE-2016-5094

EUVD-2016-6046
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.5.36
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
5.6.20
phpphp
5.6.21
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.24
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.19
released
wily
ignored
xenial
dne
Common Weakness Enumeration
References
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3602
http://www.openwall.com/lists/oss-security/2016/05/26/3
http://www.securityfocus.com/bid/90857
https://bugs.php.net/bug.php?id=72135
https://github.com/php/php-src/commit/0da8b8b801f9276359262f1ef8274c7812d3dfda?w=1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3602
http://www.openwall.com/lists/oss-security/2016/05/26/3
http://www.securityfocus.com/bid/90857
https://bugs.php.net/bug.php?id=72135
https://github.com/php/php-src/commit/0da8b8b801f9276359262f1ef8274c7812d3dfda?w=1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731