CVE-2016-7398 - OpenCVE

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Ext-http

Configuration 1 [-]

OR	cpe:2.3:a:php:ext-http::::::::
	cpe:2.3:a:php:ext-http::::::::
	cpe:2.3:a:php:ext-http:2.6.0:-::::::
	cpe:2.3:a:php:ext-http:2.6.0:beta1::::::
	cpe:2.3:a:php:ext-http:2.6.0:beta2::::::
	cpe:2.3:a:php:ext-http:2.6.0:rc1::::::
	cpe:2.3:a:php:ext-http:3.1.0:::::::*
	cpe:2.3:a:php:ext-http:3.1.0:beta1::::::
	cpe:2.3:a:php:ext-http:3.1.0:beta2::::::
	cpe:2.3:a:php:ext-http:3.1.0:rc1::::::

References

Link	Resource
https://bugs.php.net/bug.php?id=73055	Exploit Mailing List Vendor Advisory
https://bugs.php.net/bug.php?id=73055&edit=1	Exploit Vendor Advisory
https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-06T18:46:53

Updated: 2019-09-20T20:06:12

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7398

JSON object: View

NVD Information

Status : Modified

Published: 2019-09-06T19:15:11.387

Modified: 2019-09-20T21:15:11.120

Link: CVE-2016-7398

JSON object: View

Redhat Information

No data.

CWE

CWE-704

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-20T20:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7398", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=73055", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=73055"}, {"name": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83", "refsource": "MISC", "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"name": "https://bugs.php.net/bug.php?id=73055&edit=1", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7398", "datePublished": "2019-09-06T18:46:53", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2019-09-20T20:06:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*", "matchCriteriaId": "14147AA2-88B6-4FB1-85D2-B5E6303A01E1", "versionEndIncluding": "2.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F6F5342-02E9-47D8-9A78-C5500316CF32", "versionEndIncluding": "3.0.1", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "002D0A5C-AC9C-4834-853F-E654007B6E9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2553E007-B037-4864-8422-07E258479C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "665FFBDD-7A2C-49C2-A773-93F4C359FE89", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D58B96D-6D9B-47FB-AE57-D933F08B3C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB488CE3-0E47-4A13-9B8A-841DEE172E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D31B18B2-5326-489D-99A5-CFB9524CAB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C15E183A-FFF4-4F72-8961-F8A7194B9E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "623E4BBF-D8E3-48F4-AC70-4AD4AD232BD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}, {"lang": "es", "value": "Una vulnerabilidad de confusi\u00f3n de tipo en la funci\u00f3n merge_param() del archivo php_http_params.c en la extensi\u00f3n pecl-http de PHP versi\u00f3n 3.1.0beta2 (PHP 7) y anteriores, as\u00ed como tambi\u00e9n versi\u00f3n 2.6.0beta2 (PHP 5) y anteriores, permite a atacantes bloquear PHP y posiblemente ejecutar c\u00f3digo arbitrario por medio de peticiones HTTP creadas."}], "id": "CVE-2016-7398", "lastModified": "2019-09-20T21:15:11.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T19:15:11.387", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}