CVE-2016-3078
CRITICAL severity · CVSS 9.8 · Integer overflow
9.8CVSS CRITICAL
Summary
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)58%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1 ↗
Additional information
- NVD record
- https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1Patch
- https://bugs.php.net/bug.php?id=71923Advisory
- https://php.net/ChangeLog-7.phpAdvisory
- http://www.securitytracker.com/id/1035701Advisory
- https://security-tracker.debian.org/tracker/CVE-2016-3078Advisory
- http://www.openwall.com/lists/oss-security/2016/04/28/1Advisory
- https://www.exploit-db.com/exploits/39742/Advisory