CVE-2016-5769
- Source
- https://cve.org/CVERecord?id=CVE-2016-5769
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5769.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5769
- Downstream
- Related
- Published
- 2016-08-07T10:59:17.070Z
- Modified
- 2026-03-10T14:13:45.003530Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcryptgeneric and (2) mdecryptgeneric functions.
- References
-
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://support.apple.com/HT207170
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- http://www.securityfocus.com/bid/91399
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://php.net/ChangeLog-7.php
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://www.debian.org/security/2016/dsa-3618
- https://bugs.php.net/bug.php?id=72455
- http://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0?w=1
- http://php.net/ChangeLog-5.php
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "5.5.36" }, { "introduced": "0" }, { "last_affected": "5.6.0-alpha1" }, { "introduced": "0" }, { "last_affected": "5.6.0-alpha2" }, { "introduced": "0" }, { "last_affected": "5.6.0-alpha3" }, { "introduced": "0" }, { "last_affected": "5.6.0-beta1" }, { "introduced": "0" }, { "last_affected": "5.6.0-beta2" }, { "introduced": "0" }, { "last_affected": "5.6.0-beta3" }, { "introduced": "0" }, { "last_affected": "5.6.0-beta4" }, { "introduced": "0" }, { "last_affected": "5.6.1" }, { "introduced": "0" }, { "last_affected": "5.6.2" }, { "introduced": "0" }, { "last_affected": "5.6.3" }, { "introduced": "0" }, { "last_affected": "5.6.4" }, { "introduced": "0" }, { "last_affected": "5.6.5" }, { "introduced": "0" }, { "last_affected": "5.6.6" }, { "introduced": "0" }, { "last_affected": "5.6.7" }, { "introduced": "0" }, { "last_affected": "5.6.8" }, { "introduced": "0" }, { "last_affected": "5.6.9" }, { "introduced": "0" }, { "last_affected": "5.6.10" }, { "introduced": "0" }, { "last_affected": "5.6.11" }, { "introduced": "0" }, { "last_affected": "5.6.12" }, { "introduced": "0" }, { "last_affected": "5.6.13" }, { "introduced": "0" }, { "last_affected": "5.6.14" }, { "introduced": "0" }, { "last_affected": "5.6.15" }, { "introduced": "0" }, { "last_affected": "5.6.16" }, { "introduced": "0" }, { "last_affected": "5.6.17" }, { "introduced": "0" }, { "last_affected": "5.6.18" }, { "introduced": "0" }, { "last_affected": "5.6.19" }, { "introduced": "0" }, { "last_affected": "5.6.20" }, { "introduced": "0" }, { "last_affected": "5.6.21" }, { "introduced": "0" }, { "last_affected": "5.6.22" }, { "introduced": "0" }, { "last_affected": "7.0.0" }, { "introduced": "0" }, { "last_affected": "7.0.1" }, { "introduced": "0" }, { "last_affected": "7.0.2" }, { "introduced": "0" }, { "last_affected": "7.0.3" }, { "introduced": "0" }, { "last_affected": "7.0.4" }, { "introduced": "0" }, { "last_affected": "7.0.5" }, { "introduced": "0" }, { "last_affected": "7.0.6" }, { "introduced": "0" }, { "last_affected": "7.0.7" } ] }
Affected versions
Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.5.36
php-5.6.0alpha1
php-5.6.1
php-5.6.10
php-5.6.10RC1
php-5.6.11
php-5.6.11RC1
php-5.6.12
php-5.6.12RC1
php-5.6.13
php-5.6.13RC1
php-5.6.14
php-5.6.14RC1
php-5.6.15
php-5.6.15RC1
php-5.6.16
php-5.6.16RC1
php-5.6.17
php-5.6.17RC1
php-5.6.18
php-5.6.18RC1
php-5.6.19
php-5.6.19RC1
php-5.6.1RC1
php-5.6.20
php-5.6.20RC1
php-5.6.21
php-5.6.21RC1
php-5.6.22
php-5.6.22RC1
php-5.6.3
php-5.6.3RC1
php-5.6.4
php-5.6.4RC1
php-5.6.5
php-5.6.5RC1
php-5.6.6
php-5.6.6RC1
php-5.6.7
php-5.6.7RC1
php-5.6.8
php-5.6.8RC1
php-5.6.9
php-5.6.9RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5769.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "32203687252165884641521496728768875831",
"length": 862.0
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Function",
"id": "CVE-2016-5769-1e38791e",
"target": {
"file": "ext/mcrypt/mcrypt.c",
"function": "PHP_FUNCTION"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"51506035410952857971304452021247457204",
"72172001877554446259020152028712961325",
"23823678257127232997246676589008072417",
"79404059840789811017829614303744673097",
"316716464072344995735252880437054926590",
"133144832525051993283200446374798660032",
"118513482838300105891328965937892768869",
"51625652530258865130886867656754007806",
"295643317836634352308122878734835744973",
"134025358562151117036277580993723995320",
"53308974436854345589175514518235005140",
"123432703830555619410399524045646703668",
"274948616570550046791735712048500728697",
"210720851221617023742770210216610377765",
"177805026462843861556536097778258501628",
"56813145111427467166561965578064048321",
"223104151265854851079208923612997307461",
"288559410707505776242260049610837333526",
"316380180247054606671851550130764740090",
"97876106383301692192878046289127180928",
"208353951838205513031284854184810846139",
"6342196596892457715155847484865779065",
"159658161077178262292623435235914444352",
"99598370577946562571323571693268916769",
"132319809085466114153954870450698293202",
"278737045554005414479725755470164590689",
"250776710189226611007773993594697665408",
"140805238188469038667873767634145958558",
"7917246294867735561636089688675586133",
"216988507954644975874447503543952492236",
"144144768032023746499122235626118888812",
"284597779767863831769247246261069047996",
"311545481339738867313422279474793563840",
"211119573682066908010309989575468849733",
"100097795215231351821476633483088303096",
"220992996265067282146780970278178871317",
"107541598084909458706518654133214381284",
"202541991194560664732682085110264128585",
"52937441558753884189007072066604679290",
"331234618074300405171622225831864524086",
"257079503444884391606546917934124186462",
"84243947060426053783898080399576939330",
"336858518779711385504993300302205279716",
"247124980182649962830344183097786259398",
"121568683361298879076014944275565977600",
"128004954384681623314411341152037075490",
"301638167035278486544212288584752834409",
"100097795215231351821476633483088303096",
"220992996265067282146780970278178871317",
"107541598084909458706518654133214381284",
"202541991194560664732682085110264128585",
"52937441558753884189007072066604679290",
"331234618074300405171622225831864524086",
"257079503444884391606546917934124186462",
"75228134084931234919028431746396422862",
"155352773046509316093793262294328817001",
"13403455186660695560611215518663741643",
"86145246426455897047514904156727235995",
"188852777033019140494822343138297462739",
"324754148634191994496627402409449644615",
"175579104865903254133184795791228385861",
"22601008373147193363680276789871320526",
"74540445281745428924315165972619681378",
"255420801090324906472929815266396959541",
"162537769432946825349683155901391755791",
"96975799624951266121804677701445254956",
"103468785533557990659031055583856397147",
"252315403845441150356496678354250565286",
"151250829233368440898226716357926331365",
"215201808504977871505075013120700520013",
"18831672502499337866918330311377452611",
"299580278152735574644232995828475895428",
"155197076127180644078167773684031241140",
"279986312986013157433602706627718252666",
"108301047452125326863388130017853150576",
"170514010436317130915511175735613213483",
"108922736017113226397193381149057477829",
"248602242773591882869656813574384500466",
"36109156945469671525124616816258215232",
"154229438767943206757522772631254928450",
"78292058565898487374414210089887748124",
"180515694519127133405569765629436103282",
"304831728773185010862170655875885258513",
"234488795535759775967096295731254665807",
"170859106745079581656982493293727508564",
"334207528516879069333591507756164587224",
"136727520044369131010052322533621687398",
"61468977851291990280253725791132724184",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"328496963986535805628545629451043376050",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"100348104150133730394512559551230086608",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"301573750849398086378845885227182347856",
"117817571386698067686278134268543032382",
"287326778485284824982418201603911521488",
"24806138375808426109235208627063891857",
"61398350717050256986935933096970754420",
"303738838654397750216294390935270730471",
"109749136095992164661187314812086475520",
"212266597988963097289511345811854796640",
"299544998759735810050106115221178716793",
"68031016633594820525298371051549615338",
"111926662012073738239301109070640886283",
"31211932290491138503227412964743486197",
"110801374305237676970892805118599050489",
"195169520647841281508698925553470587011",
"335296780347695821369198737553037977839",
"12369752586288775198331732775728915977",
"288964730139838176488296619888833475764",
"335296780347695821369198737553037977839",
"17962964901532148310780237221743924819",
"4767300045298642612497977623740616635",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"265356837420500244845628611412360869505",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"315590220896055998011731486200456525145",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"22535166875373283639256524650756501389",
"270997869577157866668476803573983228760",
"145017492755142150959001266500335728958",
"175433688630597055633269836258843103104",
"91241541222137125244099323202064099966"
]
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Line",
"id": "CVE-2016-5769-55804d1b",
"target": {
"file": "ext/mcrypt/mcrypt.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "137476818522515136001851650963337495428",
"length": 832.0
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Function",
"id": "CVE-2016-5769-c3279c15",
"target": {
"file": "ext/mcrypt/mcrypt.c",
"function": "PHP_FUNCTION"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.6.0-alpha4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.6.0-alpha5"
}
]
}
]