Vulnerability Details : CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2016-3141
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
Threat overview for CVE-2016-3141
Top countries where our scanners detected CVE-2016-3141
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-3141 430,784
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-3141!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-3141
6.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3141
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-3141
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3141
-
http://www.securityfocus.com/bid/84271
PHP 'ext/wddx/wddx.c' Use After Free Remote Code Execution Vulnerability
-
http://www.ubuntu.com/usn/USN-2952-1
USN-2952-1: PHP vulnerabilities | Ubuntu security notices
-
http://www.securitytracker.com/id/1035255
PHP Bugs in Phar and WDDX Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html
[security-announce] openSUSE-SU-2016:1173-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html
[security-announce] SUSE-SU-2016:1166-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
[security-announce] openSUSE-SU-2016:1167-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2952-2
USN-2952-2: PHP regression | Ubuntu security notices
-
https://bugs.php.net/bug.php?id=71587
PHP :: Sec Bug #71587 :: Use-After-Free / Double-Free in WDDX DeserializeExploit
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
[security-announce] SUSE-SU-2016:1145-1: important: Security update for
-
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
Oracle Solaris Bulletin - October 2016
-
http://git.php.net/?p=php-src.git;a=commit;h=b1bd4119bcafab6f9a8f84d92cd65eec3afeface
208.43.231.11 Git - php-src.git/commit
-
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Apple - Lists.apple.com
-
https://php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLog
-
https://support.apple.com/HT206567
About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 - Apple Support
-
http://rhn.redhat.com/errata/RHSA-2016-2750.html
RHSA-2016:2750 - Security Advisory - Red Hat Customer Portal
Jump to