Lucene search

K
cveMitreCVE-2016-6289
HistoryJul 25, 2016 - 2:59 p.m.

CVE-2016-6289

2016-07-2514:59:01
CWE-190
mitre
web.nvd.nist.gov
153
cve-2016-6289
php
integer overflow
denial of service
stack-based buffer overflow
zip archive

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.008

Percentile

81.8%

Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.

Affected configurations

Nvd
Node
phpphpRange5.5.37
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
OR
phpphpMatch5.6.5
OR
phpphpMatch5.6.6
OR
phpphpMatch5.6.7
OR
phpphpMatch5.6.8
OR
phpphpMatch5.6.9
OR
phpphpMatch5.6.10
OR
phpphpMatch5.6.11
OR
phpphpMatch5.6.12
OR
phpphpMatch5.6.13
OR
phpphpMatch5.6.14
OR
phpphpMatch5.6.15
OR
phpphpMatch5.6.16
OR
phpphpMatch5.6.17
OR
phpphpMatch5.6.18
OR
phpphpMatch5.6.19
OR
phpphpMatch5.6.20
OR
phpphpMatch5.6.21
OR
phpphpMatch5.6.22
OR
phpphpMatch5.6.23
OR
phpphpMatch7.0.0
OR
phpphpMatch7.0.1
OR
phpphpMatch7.0.2
OR
phpphpMatch7.0.3
OR
phpphpMatch7.0.4
OR
phpphpMatch7.0.5
OR
phpphpMatch7.0.8
VendorProductVersionCPE
phpphp5.6.8cpe:/a:php:php:5.6.8:::
phpphp5.6.0cpe:/a:php:php:5.6.0:beta1::
phpphp7.0.8cpe:/a:php:php:7.0.8:::
phpphp5.6.7cpe:/a:php:php:5.6.7:::
phpphp5.6.15cpe:/a:php:php:5.6.15:::
phpphp5.6.10cpe:/a:php:php:5.6.10:::
phpphp7.0.5cpe:/a:php:php:7.0.5:::
phpphp5.6.13cpe:/a:php:php:5.6.13:::
phpphp5.6.2cpe:/a:php:php:5.6.2:::
phpphp5.6.21cpe:/a:php:php:5.6.21:::
Rows per page:
1-10 of 401

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.008

Percentile

81.8%