Vulnerability Details : CVE-2016-7398
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
Vulnerability category: Execute code
Products affected by CVE-2016-7398
- cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:3.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:2.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:2.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:3.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:2.6.0:-:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:2.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:ext-http:3.1.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7398
- 0.33%: Probability of exploitation activity in the next 30 days
- ~72%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7398
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-7398
- The product does not correctly convert an object, resource, or structure from one type to a different type. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7398
- https://bugs.php.net/bug.php?id=73055&edit=1
  PHP :: Sec Bug #73055 :: Type confusion vulnerability in merge_param() (Exploit; Vendor Advisory)
- https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83
  fix bug #73055 · m6w6/ext-http@17137d4 · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html
  [SECURITY] [DLA 1929-1] php-pecl-http security update
- https://bugs.php.net/bug.php?id=73055
  PHP :: Sec Bug #73055 :: Type confusion vulnerability in merge_param() (Exploit; Mailing List; Vendor Advisory)