CVE-2016-4538

Published: May 22, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

Affected (30)

Products: Php: Php · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.5.33
Php Php	Version 5.6.0
Php Php	Version 5.6.10
Php Php	Version 5.6.11
Php Php	Version 5.6.12
Php Php	Version 5.6.13
Php Php	Version 5.6.14
Php Php	Version 5.6.15
Php Php	Version 5.6.16
Php Php	Version 5.6.17
Php Php	Version 5.6.18
Php Php	Version 5.6.19
Php Php	Version 5.6.1
Php Php	Version 5.6.20
Php Php	Version 5.6.2
Php Php	Version 5.6.3
Php Php	Version 5.6.4
Php Php	Version 5.6.5
Php Php	Version 5.6.6
Php Php	Version 5.6.7
Php Php	Version 5.6.8
Php Php	Version 5.6.9
Php Php	Version 7.0.0
Php Php	Version 7.0.1
Php Php	Version 7.0.2
Php Php	Version 7.0.3
Php Php	Version 7.0.4
Php Php	Version 7.0.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 24

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (30)

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html

Source: security@debian.org

http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html

Source: security@debian.org

http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

Source: security@debian.org

http://php.net/ChangeLog-5.php

Source: security@debian.org

Patch

http://php.net/ChangeLog-7.php

Source: security@debian.org

Patch

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: security@debian.org

http://www.debian.org/security/2016/dsa-3602

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2016/05/05/21

Source: security@debian.org

http://www.securityfocus.com/bid/90173

Source: security@debian.org

https://bugs.php.net/bug.php?id=72093

Source: security@debian.org

Exploit

https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d650063a0457aec56364e4005a636dc6c401f9cd

Source: security@debian.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: security@debian.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

Source: security@debian.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Source: security@debian.org

https://security.gentoo.org/glsa/201611-22

Source: security@debian.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3602

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/05/05/21

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/90173

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=72093

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d650063a0457aec56364e4005a636dc6c401f9cd

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201611-22

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.