CVE-2016-10034

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10034
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10034.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10034
Aliases
Published
2016-12-30T19:59:00Z
Modified
2024-09-03T00:48:13.031744Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

References

Affected packages

Git / github.com/zendframework/zend-mail

Affected ranges

Type
GIT
Repo
https://github.com/zendframework/zend-mail
Events
Type
GIT
Repo
https://github.com/zendframework/zendframework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected

Affected versions

Other

last-docs-commit

release-2.*

release-2.0.0
release-2.0.0beta1
release-2.0.0beta2
release-2.0.0beta3
release-2.0.0beta4
release-2.0.0beta5
release-2.0.0dev1
release-2.0.0dev2
release-2.0.0dev4
release-2.0.0rc1
release-2.0.0rc2
release-2.0.0rc3
release-2.0.0rc4
release-2.0.0rc5
release-2.0.0rc6
release-2.0.0rc7
release-2.0.1
release-2.0.2
release-2.0.3
release-2.0.4
release-2.0.6
release-2.0.7
release-2.1.1
release-2.1.2
release-2.1.3
release-2.1.4
release-2.1.5
release-2.1.6
release-2.2.0
release-2.2.0rc1
release-2.2.0rc2
release-2.2.0rc3
release-2.2.1
release-2.2.10
release-2.2.2
release-2.2.3
release-2.2.4
release-2.2.5
release-2.2.6
release-2.2.7
release-2.2.8
release-2.2.9
release-2.3.0
release-2.3.1
release-2.3.2
release-2.3.3
release-2.3.4
release-2.3.5
release-2.3.6
release-2.3.7
release-2.4.0
release-2.4.0rc1
release-2.4.0rc2
release-2.4.0rc3
release-2.4.0rc4
release-2.4.0rc5
release-2.4.0rc6
release-2.4.0rc7
release-2.4.1
release-2.4.10
release-2.4.2
release-2.4.3
release-2.4.4
release-2.4.5
release-2.4.6
release-2.4.7
release-2.4.8
release-2.4.9
release-2.5.0
release-2.5.1
release-2.5.2
release-2.6.0
release-2.6.1
release-2.6.2
release-2.7.0
release-2.7.1