← Back

CVE-2016-7398

nvd nist
Published: Sep 6, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

Affected (10)

Products: Php: Ext Http
1 product
Ext Http
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Php
Up to 2.5.6
From 3.0.0 to 3.0.1
Version 2.6.0
Version 2.6.0 beta1
Version 2.6.0 beta2
Version 2.6.0 rc1
Version 3.1.0
Version 3.1.0 beta1
Version 3.1.0 beta2
Version 3.1.0 rc1

References (8)

Source: cve@mitre.org
ExploitMailing ListVendor Advisory
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.