CVE-2016-10034

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10034
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10034.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10034
Aliases
Published
2016-12-30T19:59:00Z
Modified
2024-09-03T00:48:13.031744Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

References

Affected packages

Git / github.com/zendframework/zend-mail

Affected ranges

Type
GIT
Repo
https://github.com/zendframework/zend-mail
Events
Type
GIT
Repo
https://github.com/zendframework/zendframework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected

Affected versions

Other

last-docs-commit

release-2.*

release-2.0.0
release-2.0.0beta1
release-2.0.0beta2
release-2.0.0beta3
release-2.0.0beta4
release-2.0.0beta5
release-2.0.0dev1
release-2.0.0dev2
release-2.0.0dev4
release-2.0.0rc1
release-2.0.0rc2
release-2.0.0rc3
release-2.0.0rc4
release-2.0.0rc5
release-2.0.0rc6
release-2.0.0rc7
release-2.0.1
release-2.0.2
release-2.0.3
release-2.0.4
release-2.0.6
release-2.0.7
release-2.1.1
release-2.1.2
release-2.1.3
release-2.1.4
release-2.1.5
release-2.1.6
release-2.2.0
release-2.2.0rc1
release-2.2.0rc2
release-2.2.0rc3
release-2.2.1
release-2.2.10
release-2.2.2
release-2.2.3
release-2.2.4
release-2.2.5
release-2.2.6
release-2.2.7
release-2.2.8
release-2.2.9
release-2.3.0
release-2.3.1
release-2.3.2
release-2.3.3
release-2.3.4
release-2.3.5
release-2.3.6
release-2.3.7
release-2.4.0
release-2.4.0rc1
release-2.4.0rc2
release-2.4.0rc3
release-2.4.0rc4
release-2.4.0rc5
release-2.4.0rc6
release-2.4.0rc7
release-2.4.1
release-2.4.10
release-2.4.2
release-2.4.3
release-2.4.4
release-2.4.5
release-2.4.6
release-2.4.7
release-2.4.8
release-2.4.9
release-2.5.0
release-2.5.1
release-2.5.2
release-2.6.0
release-2.6.1
release-2.6.2
release-2.7.0
release-2.7.1