CVE-2016-7418 - OpenCVE

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:7.0.0:::::::*
	cpe:2.3:a:php:php:7.0.1:::::::*
	cpe:2.3:a:php:php:7.0.2:::::::*
	cpe:2.3:a:php:php:7.0.3:::::::*
	cpe:2.3:a:php:php:7.0.4:::::::*
	cpe:2.3:a:php:php:7.0.5:::::::*
	cpe:2.3:a:php:php:7.0.6:::::::*
	cpe:2.3:a:php:php:7.0.7:::::::*
	cpe:2.3:a:php:php:7.0.8:::::::*
	cpe:2.3:a:php:php:7.0.9:::::::*
	cpe:2.3:a:php:php:7.0.10:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/09/15/10	Mailing List
http://www.php.net/ChangeLog-5.php	Release Notes
http://www.php.net/ChangeLog-7.php	Release Notes
http://www.securityfocus.com/bid/93011
http://www.securitytracker.com/id/1036836
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73065	Exploit Issue Tracking
https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1	Issue Tracking Patch
https://security.gentoo.org/glsa/201611-22
https://www.tenable.com/security/tns-2016-19

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-09-17T21:00:00

Updated: 2018-05-03T09:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7418

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-17T21:59:10.590

Modified: 2018-05-04T01:29:01.737

Link: CVE-2016-7418

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-03T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-7.php"}, {"name": "GLSA-201611-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-22"}, {"name": "1036836", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036836"}, {"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"}, {"name": "RHSA-2018:1296", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"name": "93011", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93011"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2016-19"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=73065"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1"}, {"name": "http://www.php.net/ChangeLog-7.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-7.php"}, {"name": "GLSA-201611-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-22"}, {"name": "1036836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036836"}, {"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"}, {"name": "RHSA-2018:1296", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"name": "93011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93011"}, {"name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "https://www.tenable.com/security/tns-2016-19", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-19"}, {"name": "https://bugs.php.net/bug.php?id=73065", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=73065"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7418", "datePublished": "2016-09-17T21:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2018-05-03T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "D860D77C-575A-48A1-9475-485D26EF5E41", "versionEndIncluding": "5.6.25", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "35848414-BD5D-4164-84DC-61ABBB1C4152", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B1F8402-8551-4F66-A9A7-81D472AB058E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A773E8E-48CD-4D35-A0FD-629BD9334486", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC492340-79AF-4676-A161-079A97EC6F0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1C2D8FE-C380-4B43-B634-A3DBA4700A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EB58393-0C10-413C-8D95-6BAA8BC19A1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "751F51CA-9D88-4971-A6EC-8C0B72E8E22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "37B74118-8FC2-44CB-9673-A83DF777B2E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4D56A200-1477-40DA-9444-CFC946157C69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call."}, {"lang": "es", "value": "La funci\u00f3n php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.26 y 7.x en versiones anteriores a 7.0.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a puntero no v\u00e1lido y lectura fuera de l\u00edmites) o tener otro posible impacto no especificado a trav\u00e9s de un elemento booleano incorrecto en un documento XML wddxPacket, produciendo una manejo incorrecto en una llamada wddx_deserialize."}], "id": "CVE-2016-7418", "lastModified": "2018-05-04T01:29:01.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-17T21:59:10.590", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://www.php.net/ChangeLog-5.php"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://www.php.net/ChangeLog-7.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93011"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036836"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugs.php.net/bug.php?id=73065"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201611-22"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/tns-2016-19"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}