CVE-2016-3132 : Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/

Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.

Published 2016-08-07 10:59:05

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2016-3132

PHP » PHP » Version: 7.0.5
cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 7.0.3
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 7.0.4
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 7.0.1
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 7.0.2
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 7.0.0
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-3132

Top countries where our scanners detected CVE-2016-3132

Top open port discovered on systems with this issue 80

IPs affected by CVE-2016-3132 2,335

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-3132!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-3132

EPSS FAQ

8.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-3132

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-3132

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3132

https://security-tracker.debian.org/tracker/CVE-2016-3132

CVE-2016-3132
Third Party Advisory;VDB Entry
http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1

Fix bug #71735: Double-free in SplDoublyLinkedList::offsetSet · php/php-src@28a6ed9 · GitHub
Patch
https://php.net/ChangeLog-7.php

PHP: PHP 7 ChangeLog
Patch;Release Notes

CVEs referencing this url
http://www.securityfocus.com/bid/92356

PHP CVE-2016-3132 Double Free Memory Corruption Vulnerability
https://bugs.php.net/bug.php?id=71735

PHP :: Bug #71735 :: Double-free in SplDoublyLinkedList::offsetSet
Exploit