CVE-2016-5399
Published 2017-04-21
Priority P351 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.84% (95.0th percentile)
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.5.37 | — |
| php | php | >= 5.6.0 < 5.6.24 | 5.6.24 |
| php | php | >= 7.0.0 < 7.0.9 | 7.0.9 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.19 | 5.5.9+dfsg-1ubuntu4.19 |
CVSS provenance
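| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_redhat | | 7.8 | HIGH | |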
GHSA
GHSA-3wxp-gf5c-jh8g: The bzread function in ext/bz2/bz2
ghsa_unreviewed·2022-05-14
CVE-2016-5399 [HIGH] CWE-787 GHSA-3wxp-gf5c-jh8g: The bzread function in ext/bz2/bz2
OSV
php5, php7.0 vulnerabilities
osv·2016-08-02·CVSS 9.8
CVE-2015-4116 [CRITICAL] php5, php7.0 vulnerabilities
It was discovered that PHP incorrectly handled certain SplMinHeap::compare
operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)
It was discovered that PHP incorrectly handled recursive method calls. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception objects
when unserializing data. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitr
OSV
CVE-2016-5399: The bzread function in ext/bz2/bz2
osv·2016-07-22·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399: The bzread function in ext/bz2/bz2
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2016-08-02·CVSS 9.8
CVE-2015-4116 [CRITICAL] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Red Hat
php: Improper error handling in bzread()
vendor_redhat·2016-07-18·CVSS 7.8
CVE-2016-5399 [HIGH] CWE-390 php: Improper error handling in bzread()
A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application.
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package:
No detection rules found.
Bugzilla
CVE-2016-5399 mingw-bzip2: php, bzip2: Improper error handling in bzread() [fedora-all]
bugzilla·2016-07-20·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399 mingw-bzip2: php, bzip2: Improper error handling in bzread() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2016-5399 php, bzip2: Improper error handling in bzread() [fedora-all]
bugzilla·2016-07-20·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399 php, bzip2: Improper error handling in bzread() [fedora-all]
Bugzilla
CVE-2016-5399 php: Improper error handling in bzread()
bugzilla·2016-07-20·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399 php: Improper error handling in bzread()
Wrong error handling in bzread() function that possibly leads to code execution was reported.
PHP bug:
https://bugs.php.net/bug.php?id=72613
Discussion:
Acknowledgments:
Name: Hans Jerry Illikainen
---
Created bzip2 tracking bugs for this issue:
Affects: fedora-all [bug 1358401]
---
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1358404]
---
Created mingw-bzip2 tracking bugs for this issue:
Affects: fedora-all [bug 1358402]
Affects: epel-7 [bug 1358403]
---
References:
http://seclists.org/bugtraq/2016/Jul/96
---
I don't think this is a flaw with bzip2, the documentation (http://www.bzip.org/1.0.5/bzip2-manual-1.0.5.html#bzread) clearly states the following:
"BZ2_bzRead will supply len bytes, unle
Bugzilla
CVE-2016-5399 mingw-bzip2: php, bzip2: Improper error handling in bzread() [epel-7]
bugzilla·2016-07-20·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399 mingw-bzip2: php, bzip2: Improper error handling in bzread() [epel-7]
Bugzilla
CVE-2016-5399 php: php, bzip2: Improper error handling in bzread() [fedora-all]
bugzilla·2016-07-20·CVSS 7.8
CVE-2016-5399 [HIGH] CVE-2016-5399 php: php, bzip2: Improper error handling in bzread() [fedora-all]
References
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://rhn.redhat.com/errata/RHSA-2016-2598.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://seclists.org/fulldisclosure/2016/Jul/72
http://www.debian.org/security/2016/dsa-3631
http://www.openwall.com/lists/oss-security/2016/07/21/1
http://www.securityfocus.com/archive/1/538966/100/0/threaded
http://www.securityfocus.com/bid/92051
http://www.securitytracker.com/id/1036430
https://bugs.php.net/bug.php?id=72613
https://bugzilla.redhat.com/show_bug.cgi?id=1358395
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.exploit-db.com/exploits/40155/