Vulnerability Details : CVE-2016-7414
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-7414
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
Threat overview for CVE-2016-7414
Top countries where our scanners detected CVE-2016-7414
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-7414 473,213
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-7414!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-7414
1.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7414
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-7414
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7414
-
https://security.gentoo.org/glsa/201611-22
PHP: Multiple vulnerabilities (GLSA 201611-22) — Gentoo security
-
https://bugs.php.net/bug.php?id=72928
PHP :: Sec Bug #72928 :: Out of bound when verify signature of zip phar in phar_parse_zipfileExploit;Issue Tracking
-
http://www.securitytracker.com/id/1036836
PHP Multiple Memory Corruption Errors Let Remote and Local Users Execute Arbitrary Code on the Target System - SecurityTracker
-
https://access.redhat.com/errata/RHSA-2018:1296
RHSA-2018:1296 - Security Advisory - Red Hat Customer Portal
-
https://www.tenable.com/security/tns-2016-19
[R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
-
http://www.securityfocus.com/bid/93004
PHP CVE-2016-7414 Heap Buffer Overflow Vulnerability
-
http://www.openwall.com/lists/oss-security/2016/09/15/10
oss-security - Re: CVE assignment for PHP 5.6.26 and 7.0.11Mailing List
-
https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
Fix bug #72928 - Out of bound when verify signature of zip phar in ph… · php/php-src@0bfb970 · GitHubIssue Tracking;Patch
-
http://www.php.net/ChangeLog-7.php
PHP: PHP 7 ChangeLogRelease Notes
-
http://www.php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLogRelease Notes
Jump to