Linux Distros Unpatched Vulnerability : CVE-2016-6288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have...

K34985231: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289

Security Advisory Description CVE-2016-6288 The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type. CVE-2016-6289 Integer...

SUSE: Security Advisory (SUSE-SU-2016:2210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2328-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2080-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Out-Of-Bounds Read

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Stack-Based Buffer Overflow

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Denial Of Service (DoS) Through Memory Corruption

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)

This update for php5 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled bsc987580 - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 - CVE-2016-6292: NULL pointer dereference in exifprocessusercomme...

Security update for php5 (important)

This update for php5 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled bsc987580 CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 CVE-2016-6292: Null pointer dereference in exifprocessusercomment...

SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)

This update for php53 fixes the following security issues : - CVE-2014-3587: Integer overflow in the cdfreadpropertyinfo affecting SLES11 SP3 bsc987530 - CVE-2016-6297: Stack-based buffer overflow vulnerability in phpstreamzipopener bsc991426 - CVE-2016-6291: Out-of-bounds access in...

SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)

php5 was updated to fix the following security issues : - CVE-2016-6297: Stack-based buffer overflow vulnerability in phpstreamzipopener bsc991426. - CVE-2016-6291: Out-of-bounds access in exifprocessIFDinMAKERNOTE bsc991427. - CVE-2016-6289: Integer overflow leads to buffer overflow in...

openSUSE Security Update : php5 (openSUSE-2016-985)

This update for php5 fixes the following issues : - security update : - CVE-2016-6128: Invalid color index not properly handled bsc987580 - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 - CVE-2016-6292: NULL pointer dereference in...

CVE-2016-6288

The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type...

BELL-CVE-2016-6288 CVE-2016-6288 does not affect BellSoft software

Bulletin has no description...

CVE-2016-6288

CVE-2016-6288 affects PHP prior to 5.5.38 in ext/standard/url.c (php_url_parse_ex): remote denial-of-service via buffer over-read through smart_str vectors. Exploitation was reported to cause DoS and possibly other impact. A fix exists in PHP 5.5.38+ (and later branches); upgrade to a non-vulnera...