SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2016-4541

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.8		CVSS Score : 7.5
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

BID-90172

DSA-3602

FEDORA-2016-f4e73663f4

GLSA-201611-22

RHSA-2016:2750

http://www.openwall.com/lists/oss-security/2016/05/05/21

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

https://bugs.php.net/bug.php?id=72061

https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fd9689745c44341b1bd6af4756f324be8abba2fb

https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

openSUSE-SU-2016:1357

openSUSE-SU-2016:1524


30430



423868



247621



909



194512



282