CVE-2016-4343

Severity

68%

Complexity

86%

Confidentiality

106%

CWE-824: Access of Uninitialized Pointer

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

CWE-824: Access of Uninitialized Pointer

CVSS 3.0 Base Score 8.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 8 years ago

2016-05-22 01:59:00

Last updated 7 years ago

2018-01-05 02:30:00

Affected Software

PHP PHP

PHP 7.0.0

7.0.0

PHP 7.0.1

7.0.1

PHP 7.0.2

7.0.2

References

openSUSE-SU-2016:1357

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

RHSA-2016:2750

[oss-security] 20160428 [CVE Requests] PHP issues

89179

https://bugs.php.net/bug.php?id=71331

Exploit

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.