nessus Tenable 802031.PRM
History: Nov 01, 2016 - 12:00 a.m.

PHP 5.5.x < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 Multiple Vulnerabilities

2016-11-01 00:00:00
Tenable
www.tenable.com

The specific version of PHP that the system is running is reportedly affected by the following vulnerabilities:

  • PHP contains an out-of-bounds read flaw in ext/intl/grapheme/grapheme_string.c that is triggered when handling negative offsets in zif_grapheme_stripos. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4540)

  • PHP contains an out-of-bounds read flaw in the php_str2num() function in ext/bcmath/bcmath.c that is triggered when accepting negative scales. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4537)

  • PHP contains an out-of-bounds read flaw in the exif_read_data() function in ext/exif/exif.c that is triggered when handling exif headers. This may allow a remote attacker to crash a process utilizing the language or potentially disclose memory contents. (CVE-2016-4542)

  • PHP contains a flaw in the xml_parse_into_struct() function in ext/xml/xml.c that is triggered during the handling of specially crafted XML content. This may allow a remote attacker to cause a denial of service. (CVE-2016-4539)
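
The version ranges in the title can be checked against PHP version tokens seen in HTTP response headers. The following is an added example, not Tenable's plugin logic; the function and constant names are hypothetical, the header lines are constructed samples, and treating a pre-release of a fixed version as affected is an assumption.

```python
import re

# Fixed release per branch, taken from the advisory title:
# 5.5.x < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6
FIXED = {(5, 5): (5, 5, 35), (5, 6): (5, 6, 21), (7, 0): (7, 0, 6)}

# Product token such as "PHP/5.6.20" or "PHP/7.0.5-1ubuntu1".
PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)([^\s,;]*)", re.IGNORECASE)
# Suffixes that mark a build made before the final release (assumption).
PRERELEASE = re.compile(r"^-?(dev|alpha|beta|rc)", re.IGNORECASE)


def classify(header_line):
    """Return (status, version) for one header line.

    status: 'affected', 'fixed', 'not-covered' (branch outside the
    advisory's ranges) or 'no-php' (no PHP token present).
    """
    m = PHP_TOKEN.search(header_line)
    if not m:
        return ("no-php", None)
    ver = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    shown = ".".join(map(str, ver)) + suffix
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return ("not-covered", shown)
    if ver < fixed or (ver == fixed and PRERELEASE.match(suffix)):
        # Distribution packages may backport fixes without changing the
        # upstream number; confirm against the package changelog.
        return ("affected", shown)
    return ("fixed", shown)


# Constructed sample header lines, not captured traffic.
SAMPLE = [
    "X-Powered-By: PHP/5.5.34",
    "Server: Apache/2.4.10 (Debian) PHP/5.6.21",
    "X-Powered-By: PHP/7.0.6RC1",
    "X-Powered-By: PHP/5.4.45",
    "Server: nginx",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", line)
```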
