CVE-2016-6294

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
phpphp
𝑥
≤ 5.5.37
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
5.6.20
phpphp
5.6.21
phpphp
5.6.22
phpphp
5.6.23
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
xenial
dne
wily
ignored
trusty
Fixed 5.5.9+dfsg-1ubuntu4.19
released
precise
Fixed 5.3.10-1ubuntu3.24
released
php7.0
xenial
Fixed 7.0.8-0ubuntu0.16.04.2
released
wily
dne
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92115
http://www.securitytracker.com/id/1036430
https://bugs.php.net/72533
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92115
http://www.securitytracker.com/id/1036430
https://bugs.php.net/72533
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170