| Vulnerability Name: | CVE-2016-3132 (CCN-116258) | ||||||||||||||||||||
| Assigned: | 2016-08-07 | ||||||||||||||||||||
| Published: | 2016-08-07 | ||||||||||||||||||||
| Updated: | 2016-11-28 | ||||||||||||||||||||
| Summary: | Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. | ||||||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-415 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-3132 Source: CONFIRM Type: Patch http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1 Source: BID Type: UNKNOWN 92356 Source: CCN Type: BID-92356 PHP CVE-2016-3132 Double Free Memory Corruption Vulnerability Source: CCN Type: PHP Web site Double-free in SplDoublyLinkedList::offsetSet Source: CONFIRM Type: Exploit https://bugs.php.net/bug.php?id=71735 Source: XF Type: UNKNOWN php-cve20163132-code-exec(116258) Source: CONFIRM Type: Patch, Release Notes https://php.net/ChangeLog-7.php Source: CCN Type: PHP Web Site PHP 7.0.6 Source: CONFIRM Type: Third Party Advisory, VDB Entry https://security-tracker.debian.org/tracker/CVE-2016-3132 Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-3132 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||