CVE-2016-6296

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
phpphp
𝑥
≤ 5.5.37
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
5.6.20
phpphp
5.6.21
phpphp
5.6.22
phpphp
5.6.23
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xmlrpc-epi
bullseye
0.54.2-1.2
fixed
bookworm
0.54.2-1.3
fixed
sid
0.54.2-3
fixed
trixie
0.54.2-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
xenial
dne
wily
ignored
trusty
Fixed 5.5.9+dfsg-1ubuntu4.19
released
precise
Fixed 5.3.10-1ubuntu3.24
released
php7.0
xenial
Fixed 7.0.8-0ubuntu0.16.04.2
released
wily
dne
trusty
dne
precise
dne
xmlrpc-epi
xenial
Fixed 0.54.2-1.1ubuntu0.1
released
wily
ignored
trusty
Fixed 0.54.2-1+deb7u1ubuntu0.14.04.2
released
precise
Fixed 0.54.2-1+deb7u1ubuntu0.12.04.1
released
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92095
http://www.securitytracker.com/id/1036430
http://www.ubuntu.com/usn/USN-3059-1
https://bugs.php.net/72606
https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://openwall.com/lists/oss-security/2016/07/24/2
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.debian.org/security/2016/dsa-3631
http://www.securityfocus.com/bid/92095
http://www.securitytracker.com/id/1036430
http://www.ubuntu.com/usn/USN-3059-1
https://bugs.php.net/72606
https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html
https://security.gentoo.org/glsa/201611-22
https://support.apple.com/HT207170