EUVD-2016-8254

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-7398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

SUSE CVE-2016-5873

Buffer overflow in the HTTP URL parsing functions in peclhttp before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL...

Debian: Security Advisory (DLA-1929-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1929-1] php-pecl-http security update

Package : php-pecl-http Version : 2.0.4-1+deb8u1 CVE ID : CVE-2016-7398 A vulnerability has been discovered in php-pecl-http, the peclhttp module for PHP 5 Extended HTTP Support. A type confusion vulnerability in the mergeparam function allows attackers to crash PHP and possibly execute arbitrary...

DLA-1929-1 php-pecl-http - security update

Bulletin has no description...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

DEBIAN-CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

Type confusion

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

UBUNTU-CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVE-2016-7398

The CVE-2016-7398 issue affects the PHP pecl_http extension (php-pecl-http) for PHP 7 (3.1.0beta2) and PHP 5 (2.6.0beta2) where a type confusion in merge_param() in php_http_params.c can cause PHP to crash and may allow code execution via crafted HTTP requests. Public exploit details are not prov...

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

GLSA-201612-17 : PECL HTTP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201612-17 PECL HTTP: Remote execution of arbitrary code A buffer overflow can be triggered in the URL parsing functions of the PECL HTTP extension. This allows overflowing a buffer with data originating from an arbitrary HTTP...

PECL HTTP: Remote execution of arbitrary code

Background This HTTP extension aims to provide a convenient and powerful set of functionality for one of PHPs major applications. Description A buffer overflow can be triggered in the URL parsing functions of the PECL HTTP extension. This allows overflowing a buffer with data originating from an...

Internet Bug Bounty: Heap overflow caused by type confusion vulnerability in merge_param()

Since the original report is still marked as private in the PHP bug tracker please find the copy & pasted bug report below edited for readability and to include correct bug tracker id. See the references section for a link to the issue in the PHP bug tracker! The maintainer already fixed the issu...

Fedora Update for php-pecl-http FEDORA-2016-9

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...