CVE-2016-5399

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.5.37
phpphp
5.6.0 ≤
𝑥
< 5.6.24
phpphp
7.0.0 ≤
𝑥
< 7.0.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.24
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.19
released
wily
ignored
xenial
dne
php7.0
precise
dne
trusty
dne
wily
dne
xenial
Fixed 7.0.8-0ubuntu0.16.04.2
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
php
RHEL 7
0:5.4.16-42.el7
fixed
php-bcmath
RHEL 7
0:5.4.16-42.el7
fixed
php-cli
RHEL 7
0:5.4.16-42.el7
fixed
php-common
RHEL 7
0:5.4.16-42.el7
fixed
php-dba
RHEL 7
0:5.4.16-42.el7
fixed
php-devel
RHEL 7
0:5.4.16-42.el7
fixed
php-embedded
RHEL 7
0:5.4.16-42.el7
fixed
php-enchant
RHEL 7
0:5.4.16-42.el7
fixed
php-fpm
RHEL 7
0:5.4.16-42.el7
fixed
php-gd
RHEL 7
0:5.4.16-42.el7
fixed
php-intl
RHEL 7
0:5.4.16-42.el7
fixed
php-ldap
RHEL 7
0:5.4.16-42.el7
fixed
php-mbstring
RHEL 7
0:5.4.16-42.el7
fixed
php-mysql
RHEL 7
0:5.4.16-42.el7
fixed
php-mysqlnd
RHEL 7
0:5.4.16-42.el7
fixed
php-odbc
RHEL 7
0:5.4.16-42.el7
fixed
php-pdo
RHEL 7
0:5.4.16-42.el7
fixed
php-pgsql
RHEL 7
0:5.4.16-42.el7
fixed
php-process
RHEL 7
0:5.4.16-42.el7
fixed
php-pspell
RHEL 7
0:5.4.16-42.el7
fixed
php-recode
RHEL 7
0:5.4.16-42.el7
fixed
php-snmp
RHEL 7
0:5.4.16-42.el7
fixed
php-soap
RHEL 7
0:5.4.16-42.el7
fixed
php-xml
RHEL 7
0:5.4.16-42.el7
fixed
php-xmlrpc
RHEL 7
0:5.4.16-42.el7
fixed
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2598.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://seclists.org/fulldisclosure/2016/Jul/72
http://www.debian.org/security/2016/dsa-3631
http://www.openwall.com/lists/oss-security/2016/07/21/1
http://www.securityfocus.com/archive/1/538966/100/0/threaded
http://www.securityfocus.com/bid/92051
http://www.securitytracker.com/id/1036430
https://bugs.php.net/bug.php?id=72613
https://bugzilla.redhat.com/show_bug.cgi?id=1358395
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.exploit-db.com/exploits/40155/
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2598.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://seclists.org/fulldisclosure/2016/Jul/72
http://www.debian.org/security/2016/dsa-3631
http://www.openwall.com/lists/oss-security/2016/07/21/1
http://www.securityfocus.com/archive/1/538966/100/0/threaded
http://www.securityfocus.com/bid/92051
http://www.securitytracker.com/id/1036430
https://bugs.php.net/bug.php?id=72613
https://bugzilla.redhat.com/show_bug.cgi?id=1358395
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.exploit-db.com/exploits/40155/