Vulnerability Name:

CVE-2016-3078 (CCN-112788)

Assigned:2016-04-28
Published:2016-04-28
Updated:2022-07-20
Summary:Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2016-3078

Source: CCN
Type: BugTraq Mailing List, Thu, 28 Apr 2016 14:44:18 +0700
CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20160428 CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1035701

Source: CONFIRM
Type: Exploit, Issue Tracking, Vendor Advisory
https://bugs.php.net/bug.php?id=71923

Source: XF
Type: UNKNOWN
php-cve20163078-overflow(112788)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1

Source: CCN
Type: Packet Storm Security [04-28-2016]
PHP 7.x Heap Overflow

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://php.net/ChangeLog-7.php

Source: CONFIRM
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2016-3078

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-28-2016]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
39742

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-3078

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.0.0 and < 7.0.6)

    • Configuration CCN 1:
  • cpe:/a:php:php:7.0.5:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.precise:def:20163078000
    V
    		CVE-2016-3078 on Ubuntu 12.04 LTS (precise) - medium.
    2016-08-07
    oval:com.ubuntu.trusty:def:20163078000
    V
    		CVE-2016-3078 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-08-07
    oval:com.ubuntu.xenial:def:20163078000
    V
    		CVE-2016-3078 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-08-07
    oval:com.ubuntu.xenial:def:201630780000000
    V
    		CVE-2016-3078 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-08-07
    BACK
    php php *
    php php 7.0.5