Vulnerability Details: CVE-2016-7413
Potential exploit
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2016-7413
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
Threat overview for CVE-2016-7413
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2016-7413: 475,750
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7413
- EPSS score: 1.43% (probability of exploitation activity in the next 30 days)
- Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7413
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-7413
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7413
- https://bugs.php.net/bug.php?id=72860
  PHP :: Sec Bug #72860 :: wddx_deserialize use-after-free (Exploit; Issue Tracking)
- https://security.gentoo.org/glsa/201611-22
  PHP: Multiple vulnerabilities (GLSA 201611-22) — Gentoo security
- http://www.securityfocus.com/bid/93006
  PHP CVE-2016-7413 Use After Free Denial of Service Vulnerability
- http://www.securitytracker.com/id/1036836
  PHP Multiple Memory Corruption Errors Let Remote and Local Users Execute Arbitrary Code on the Target System - SecurityTracker
- https://access.redhat.com/errata/RHSA-2018:1296
  RHSA-2018:1296 - Security Advisory - Red Hat Customer Portal
- https://www.tenable.com/security/tns-2016-19
  [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
- http://www.openwall.com/lists/oss-security/2016/09/15/10
  oss-security - Re: CVE assignment for PHP 5.6.26 and 7.0.11 (Mailing List)
- https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
  Fix bug #72860: wddx_deserialize use-after-free · php/php-src@b88393f · GitHub (Issue Tracking; Patch)
- http://www.php.net/ChangeLog-7.php
  PHP: PHP 7 ChangeLog (Release Notes)
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog (Release Notes)