CVE-2016-4346

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-4346

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4346.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-4346

Related

SUSE-SU-2016:1504-1
SUSE-SU-2016:1581-1
SUSE-SU-2016:1638-1
UBUNTU-CVE-2016-4346

Published

2016-05-22T01:59:20Z

Modified

2024-05-30T00:09:06Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

References

http://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=71637
http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://www.openwall.com/lists/oss-security/2016/04/28/2

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

60fffd296abce5fc071f3c173c25a2696cf683c6

Fixed

e09845d32614a19188632f410316478fbb440ebd