CVE-2016-5770
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5770
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5770.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5770
- Downstream
- Related
- Published
- 2016-08-07T10:59:18Z
- Modified
- 2025-10-21T03:53:39.026370Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
- References
-
- http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3618
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://www.securityfocus.com/bid/91403
- https://bugs.php.net/bug.php?id=72262
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://support.apple.com/HT207170
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
NEWS
NEWS-cvs2svn
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba",
"deprecated": false,
"id": "CVE-2016-5770-0d5a8078",
"target": {
"file": "ext/spl/spl_directory.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"207857728161140554441600061655700736911",
"214934269934396566947922605580496730714",
"296940648342514330163933506027098448376",
"103964395719938357469979482994290726989",
"88635915691016566904094490498000267631",
"40850093372234011884951839226248885947",
"110133465975390168161568987079275214571",
"327426292152065042271238869839733092069",
"312064766065238879598467973723559511247",
"279378876464457652418055060405542256631",
"37153068688319700706247907468401081375",
"142544098206661611960252893453565334712",
"217591465213875994946799122056113470242",
"258687329172644183052229230092436995941",
"124477937712182379275787261405554635167",
"18521737454947230733279860742565194767",
"191310445344489404374829949782385918544",
"169849886458913483152503330212676115962",
"290837326575033210651545831652719648709",
"89594481386855846768712716817846133844",
"304747310595769505535955949836356411904",
"249200113471160978775166586737544207035",
"202867115870269892394509977995037481373",
"13596281857796554230085622512732836900",
"90350360789214509156652202912038346186",
"187194619120037686569354480045870791617",
"30703075079811505809559768093682117373",
"203228191160360984239227959534695765427",
"66976602086100513539869433732135558328",
"188096752431760393748224607547286677174",
"315226105600006008699476046411790132788",
"45732972775182300778448996084630053172",
"24852563524450049791271235511498957457",
"259909832417321797798278686743668414369",
"290985903483583654043549321325230250358",
"176340865462836955845143287064883276535",
"65788481645577661787091807495041271423",
"42920774668213647338547875417537613620",
"27226673990395382951639522373888460363",
"44234929880664587857456234513503775387",
"192607349422823079985611696763736424314",
"153922410774732935806738138171964836788",
"278293627679551455888550667834355992097",
"101067540410623654063044071455248583306",
"326934217507677197866923045620624004990",
"302242324575682369957868652979113289261",
"236213647717437564292851789648002461538",
"271931953898478544485552745560698363578",
"286351824631486713798723681711529591966",
"20881098861313467780172584981153572926",
"57419796743339126641357233159804911212",
"158661390397053486828278980509528936011",
"307484916255737302800653563093888816051",
"19146442478611236009719688124775664665",
"30524597271835258459098972828076281532",
"119569536795060479614688377284118462122",
"80211877708375192335334857989051678853",
"95443995617954568813157485495402172027",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"158008694751404548761674665919464195939",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"132311109629369844032720868189880730392",
"179268543638408088366740575917000452837",
"19904252506700460868758718441007665231",
"296981039007751678386068689570690299030",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"111713550468922071441450111086443012457",
"236337531896750870974222297831576775953",
"181106193232054565667192712170096040419",
"239347581836893881564699256033898407007",
"158849396329528167507572626432840864416",
"181106193232054565667192712170096040419",
"329441141592421122900143458741005400597",
"332636141965510978552994221489511845208",
"101528824853018523070505649399877658118",
"245258418621111067503424893175383958839",
"102519316298953782302079659246257832593",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"339060801907014806678726519346416434182",
"61752185517446294607430063582290458682",
"139803445207499254554084499689683515610",
"208690941974635364044310167838190176225",
"228739686211792753961813567115090465243",
"150189812361515059947635729023823731667",
"156805408189848508546793658048180540767",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"215188472673793170232797003777809307865",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"159576831985570334153020023811955005736",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"244729115894096733457707889921469363227",
"293435668267643006972071042528221691772",
"185263633813623592652353094264021657923",
"264400958264950637807561967637007645244",
"326237525203632941514564711993066863786",
"35728460220307430412322124610313127557",
"129845197002609749659445700942987930391",
"324905641885473836094433513005644457999",
"104533914534476854147291167180426250313",
"56640401495541235347207074624505597219",
"188468199162599636112878899507803829023",
"137366877382585064172405330317887222447",
"313620665513247922159704478052424898151",
"188468199162599636112878899507803829023",
"64904068632615705085976079661666705665",
"201151784254702952756969759792150114741",
"334492096744168888376630460154862553355",
"245922436066192020830021719927209519558",
"161547472871588367263376713051867409353",
"122148901857671622580345377883073989571",
"2643797328558818452801931794382691191",
"221996443320159145967226851237212275206",
"172862345142225565753012608117136451069",
"20487287561370945888186821335878534953",
"165821203283589972074841466909889870029",
"235184286765970635440048596676020837441",
"328964068565813320256854450873762573414",
"226076429895337888961262869624841112206",
"172654153450429865513276995338029394879",
"328964068565813320256854450873762573414",
"226076429895337888961262869624841112206",
"299498186535600618470299114608254875887",
"68868536645389803802862094311057472891",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"234652590388091843498979599144172036388",
"19022380187149038487741788166743291294",
"43930397996778728327790582331567776563",
"287872256585633815783248597931976092963",
"273949448762706615793150091375889284090",
"198337802893624612326101303505038031365",
"60427031961898221872746900645717296187",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"170837898784258724074860055335222700846",
"144994638899129240814967089398640727120",
"43930397996778728327790582331567776563",
"92973958240537236393731011017884825150",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"193634473852516727253755261729679573719",
"80462420151775865245781361120107432186",
"73218844049903202559982733118974086273",
"269284470673284163167476698696706014785",
"328008832186899719961462712752118866329",
"114829643223412691256887235007399723691",
"2528425131263381030854311966074447586",
"143289264793611559242115394150939457729",
"71573823896725984441260153344600309442",
"174128627243539926272120497900904806378",
"59763688271421197408751244734315263880",
"154291940043202470983799719272068089144",
"168405692368157898609013094081143777959",
"259785370658559950714981580628803297893",
"89786028248090659536257835233058512812",
"336147993477433515934680808715185407746",
"222740931523923276370350304740891694137",
"210080096946936651427387437372272537095",
"188382453424981008969901931166353401158",
"80462420151775865245781361120107432186",
"303720273796229539985880176097211970137",
"286736441137998575984758372464688212099",
"37399893515260986461642265847155064939",
"67906460012425653514129308700205306685",
"199639124729749284994900559219734029863",
"313872890824217232991612101746424789355",
"310353873313478903782761707900859585509",
"55877723753362240691564580049424009697",
"261643574724904464194627561030575136499",
"316675930621184027089255832962550294728",
"185033109263723529457311542250510895199",
"231004050228082394947421116543840412136",
"285012539302518943399967026185327354989",
"338979712664502202004381082227374225449",
"29742642181106884832866654441841577308",
"279289601446631636172708432392171013914",
"308895106051333643003255696887061960550",
"43224313624302571347088857186796871709",
"26331917306210450706753159364099343756",
"91769608534375666752173491915926541678",
"21169647744361946429343117471908868658",
"286767356235884562904222626598462226043",
"315902550703828508625565840898731066595",
"223177333848547702290095876755932722700",
"336531525352001556214617907266048236892",
"266262533050213868382782852439034156327",
"70275964481474270842396111324303016290",
"245717713471056059533163155771930161402",
"160403713353944202684936769060010529307",
"282198693379007438899700157955182258553",
"141602559303004777480403344862727124251",
"303381981789591220419731327558969584814",
"223737417723974612486295561695542334432",
"297832020621143487111370492963513721380",
"299795750464603823424458467039820359884",
"2916987734153098277790224566833548003",
"91304738477124326872958036777336405926",
"264021181974792870823984278364534127456",
"133956034673742158644788889410118550295",
"7042458131444627075754258853498671079",
"73554171635540956141369730751213988562",
"151231497177556975690268999947312007090",
"92130989036587587302032237649390146524",
"112226387175313472411136305807912651018",
"272488665931502140257703696787796227090",
"35554872435268651299483105786248406831",
"24875255021502988762953487259587541127",
"83551973883344586354073152404074213748",
"139967446664226957449098689674688840787",
"164821388769105658912166466810342044480",
"79759011767472413616697227009515878789",
"138584224123342804423850465453912472697",
"174719318013814334042338757641865933715",
"105960988325257499672531119415342122665",
"288596362202594231631803900744243233320",
"196288316003127579975976269285608540902",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"87860417217296903655106882216958854746",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"244982467807978933793044241047077505328",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"54859222604294176413954792629481876248",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"261597942388231980050088333775298837105",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"190804696289990589665198808324666030181",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"112930222518415012274076627435588022921",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"327863393614236463214279176992301269023",
"74799694643200662583276072832716494794",
"96663415534168506290725154348675054249",
"134712273559901564555285996668632847971",
"95281394643467344407168092109626358846",
"193057556127114110635915799941470363967",
"37091619254715448405369640801974907784",
"159859969050096628056599088284755881925",
"151464072387156494876545865102389800078",
"300492668615682835333062595982951043210",
"314931402614395805191124466689385433714",
"99445178647355246713130667321851397274",
"202326221292713121952368938468846320203",
"308254551006096271931427833120933272492",
"140370968585355656107114588045606342706",
"337496959354896730912444140751137462149",
"314931402614395805191124466689385433714",
"99445178647355246713130667321851397274",
"168036943554710336749140485111397408509",
"199164357371910072712451814914196544415",
"119993156131949924995489254560092358180",
"335372645009736625186490097953901422004",
"121838623515586181492218961426019618701",
"186238030407900480012094108819351115012",
"88707624328710216576396432448650251486",
"80045952456384047989775756374567329079",
"314926564276588228141358923173688321144",
"282136722332836795038679848397817473607",
"327928032438596926424973101107162747116",
"283969522821842334648434767863129350851",
"314566609496861130665865689262021776624",
"280241754397848075735761484620043811090",
"153681332509552060251966382579046782457",
"33112893938834042975756566050724876363",
"308519570357244085107730606696596082354",
"107252868891399629504125635959162692887",
"180120782210067961764910440810011487180",
"160766578117471966537518478308900098465",
"172255958595837919894592856973428098735",
"88438312755720290077389583093071567857",
"319903627835017582141700594367369469424",
"256431809457993460725826500117534808258",
"180332830207740996464126834521529388716",
"248272203803441711078170942668640745488",
"136070107655965400621104995805012175527",
"3413820762178509284343845215498583137",
"81734633339880364194037749312922454836",
"286149576560679333442971556536502205923",
"279832784126444099554478733293105258945",
"45336266610371527213581399372562773421",
"246502934384197302672341322017565392471",
"285813355651340133809927952831466938406",
"157738642695681575219069148724335764414",
"288939563862960767603974788128255954349",
"230460342305302779848358253357753175820",
"73376689218533633596547948726760601180",
"187579293037119912245506154569813772360",
"205055987487825111764798038265447203129",
"155990613327117878504934658314687499963",
"282257852616622420626737689415965961123",
"210936091991461268254184003450100109462",
"187984804770952933336431440069416632457",
"157825547033091101745382650488172795668",
"237808174259922083846289968920730635670",
"307607684946101977470652739086861310052",
"70203133035205433126423283660104024592",
"245666921694743644417059534479377909739",
"160920670553343873282828079944618133578",
"242470922326318365100133910076795226382",
"28355692188281845623717698264595209288",
"110134623043864247633334556436051566069",
"81165161856142501511809070104426888754",
"293493406358771216845580877280447244897",
"183140791093173272903373688265060151617",
"295639280927304045620915487147207721314",
"155104923709032075912544944120798851168",
"277898733793016074264833722723543423604"
]
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba",
"deprecated": false,
"id": "CVE-2016-5770-e8b28e12",
"target": {
"function": "SPL_METHOD",
"file": "ext/spl/spl_directory.c"
},
"digest": {
"function_hash": "320784255130194455252737568462051099377",
"length": 650.0
},
"signature_type": "Function"
}
]