Vulnerability Name:

CVE-2016-5768 (CCN-114388)

Assigned:2016-06-23
Published:2016-06-23
Updated:2018-01-05
Summary:Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-415
CWE-416
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2016-5768

Source: CONFIRM
Type: UNKNOWN
http://github.com/php/php-src/commit/5b597a2e5b28e2d5a52fc1be13f425f08f47cb62?w=1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2016-09-20

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1761

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1922

Source: CONFIRM
Type: Patch, Release Notes
http://php.net/ChangeLog-5.php

Source: CONFIRM
Type: Release Notes
http://php.net/ChangeLog-7.php

Source: CCN
Type: RHSA-2016-2598
Moderate: php security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2598

Source: CCN
Type: RHSA-2016-2750
Moderate: rh-php56 security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2750

Source: DEBIAN
Type: UNKNOWN
DSA-3618

Source: CCN
Type: IBM Security Bulletin T1024545 (PowerKVM)
Vulnerabilities in PHP affect PowerKVM

Source: MLIST
Type: Release Notes
[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues

Source: BID
Type: UNKNOWN
91396

Source: CCN
Type: BID-91396
PHP CVE-2016-5768 Double Free Memory Corruption Vulnerability

Source: CCN
Type: PHP Web site
_php_mb_regex_ereg_replace_exec - double free

Source: CONFIRM
Type: Exploit, Vendor Advisory
https://bugs.php.net/bug.php?id=72402

Source: XF
Type: UNKNOWN
php-cve20165768-code-exec(114388)

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: CCN
Type: Apple security document HT207170
About the security content of macOS Sierra 10.12

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/HT207170

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-5768

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.5.36)
  • OR cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.12:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.13:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.14:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.15:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.16:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.17:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.18:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.19:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.20:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.21:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.22:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.0.7:-:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.5.36:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20165768
    V
    		CVE-2016-5768
    2023-06-22
    oval:org.opensuse.security:def:9680
    P
    		Security update for libsndfile (Important)
    2022-01-11
    oval:org.opensuse.security:def:10438
    P
    		Security update for java-1_8_0-ibm (Important) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:9884
    P
    		Security update for go1.17 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:9634
    P
    		Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:10371
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:10175
    P
    		Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:9612
    P
    		Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:9604
    P
    		Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:10169
    P
    		Security update for Salt (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:10162
    P
    		Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:10153
    P
    		Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:10147
    P
    		Security update for xerces-c (Important)
    2021-09-02
    oval:org.opensuse.security:def:11120
    P
    		Security update for libspf2 (Critical)
    2021-08-25
    oval:org.opensuse.security:def:10139
    P
    		Security update for djvulibre (Important)
    2021-08-20
    oval:org.opensuse.security:def:14178
    P
    		kbd-1.15.5-8.7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14271
    P
    		libpcsclite1-1.8.10-6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14000
    P
    		patch-2.7.5-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14085
    P
    		apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14258
    P
    		libmspack0-0.4-14.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14931
    P
    		java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13932
    P
    		libmysqlclient18-10.0.27-12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14066
    P
    		xorg-x11-7.6_1-14.17 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14247
    P
    		libksba8-1.3.0-23.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14203
    P
    		libXtst6-1.2.2-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14909
    P
    		groff-1.22.2-5.287 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13910
    P
    		libidn-tools-1.28-4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13902
    P
    		libgnomesu-2.0.0-353.6.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14048
    P
    		tomcat-8.0.36-11.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:9761
    P
    		Security update for nodejs8 (Important)
    2021-08-05
    oval:org.opensuse.security:def:11098
    P
    		Security update for claws-mail (Moderate)
    2021-07-16
    oval:org.opensuse.security:def:38660
    P
    		Security update for MozillaFirefox (Important)
    2021-07-16
    oval:org.opensuse.security:def:10296
    P
    		Security update for go1.15 (Important)
    2021-06-30
    oval:org.opensuse.security:def:10111
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:9742
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:38699
    P
    		Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:9727
    P
    		Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:10277
    P
    		Security update for spice-gtk (Moderate)
    2021-06-10
    oval:org.opensuse.security:def:124640
    P
    		php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16639
    P
    		procps-devel-3.3.9-11.14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16631
    P
    		pam-devel-1.1.8-24.14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16098
    P
    		php5-devel-5.5.14-73.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16992
    P
    		ImageMagick-6.8.8.1-5.21 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17115
    P
    		libFLAC++6-32bit-1.3.0-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16348
    P
    		php5-devel-5.5.14-108.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17093
    P
    		NetworkManager-1.0.12-8.6 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16634
    P
    		php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16673
    P
    		yast2-core-devel-3.3.1-1.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17081
    P
    		libvirt-client-32bit-1.2.18.1-4.22 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17024
    P
    		libreoffice-4.3.1.2-3.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10086
    P
    		Security update for dhcp (Important)
    2021-06-02
    oval:org.opensuse.security:def:10262
    P
    		Security update for curl (Moderate)
    2021-05-31
    oval:org.opensuse.security:def:38611
    P
    		Security update for ImageMagick (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:9862
    P
    		Security update for openssl-1_1 (Moderate)
    2021-03-09
    oval:org.opensuse.security:def:9861
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:10215
    P
    		Security update for python-cryptography (Important)
    2021-03-03
    oval:org.opensuse.security:def:9854
    P
    		Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:10396
    P
    		Security update for php7 (Important)
    2021-02-24
    oval:org.opensuse.security:def:9836
    P
    		Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:10585
    P
    		Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:16815
    P
    		libgcrypt-devel-1.6.1-16.68.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16758
    P
    		id3lib-3.8.3-261.119 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16882
    P
    		libreoffice-sdk-6.2.7.1-43.56.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16846
    P
    		libmspack-devel-0.4-14.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:17753
    P
    		Security update for mozilla-nss (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9992
    P
    		squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10447
    P
    		gnome-settings-daemon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38005
    P
    		mipv6d on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10813
    P
    		libxml2-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38302
    P
    		libidn-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9925
    P
    		libtasn1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39409
    P
    		Security update for smt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9977
    P
    		python-pywbem on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37921
    P
    		libmusicbrainz4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37909
    P
    		liblcms1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38244
    P
    		libQt5WebKit5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9912
    P
    		libqt4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38552
    P
    		avahi on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38771
    P
    		perl-Config-IniFiles on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9930
    P
    		libupsclient1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17779
    P
    		Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37910
    P
    		libldap-2_4-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10011
    P
    		vsftpd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10460
    P
    		lhasa-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    		bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9903
    P
    		libpng15-15 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10835
    P
    		php5-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38392
    P
    		libvirt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10563
    P
    		libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38727
    P
    		libspice-client-glib-2_0-8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39451
    P
    		Security update for php5 (Moderate)
    2020-12-01
    oval:com.redhat.rhsa:def:20162598
    P
    		RHSA-2016:2598: php security and bug fix update (Moderate)
    2016-11-03
    oval:org.cisecurity:def:975
    P
    		DSA-3618-1 -- php5 -- security update
    2016-08-26
    oval:com.ubuntu.precise:def:20165768000
    V
    		CVE-2016-5768 on Ubuntu 12.04 LTS (precise) - medium.
    2016-08-07
    oval:com.ubuntu.trusty:def:20165768000
    V
    		CVE-2016-5768 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-08-07
    oval:com.ubuntu.xenial:def:201657680000000
    V
    		CVE-2016-5768 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-08-07
    oval:com.ubuntu.xenial:def:20165768000
    V
    		CVE-2016-5768 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-08-07
    BACK
    php php *
    php php 5.6.0 alpha1
    php php 5.6.0 alpha2
    php php 5.6.0 alpha3
    php php 5.6.0 alpha4
    php php 5.6.0 alpha5
    php php 5.6.0 beta1
    php php 5.6.0 beta2
    php php 5.6.0 beta3
    php php 5.6.0 beta4
    php php 5.6.1
    php php 5.6.2
    php php 5.6.3
    php php 5.6.4
    php php 5.6.5
    php php 5.6.6
    php php 5.6.7
    php php 5.6.8
    php php 5.6.9
    php php 5.6.10
    php php 5.6.11
    php php 5.6.12
    php php 5.6.13
    php php 5.6.14
    php php 5.6.15
    php php 5.6.16
    php php 5.6.17
    php php 5.6.18
    php php 5.6.19
    php php 5.6.20
    php php 5.6.21
    php php 5.6.22
    php php 7.0.0
    php php 7.0.1
    php php 7.0.2
    php php 7.0.3
    php php 7.0.4
    php php 7.0.5
    php php 7.0.6
    php php 7.0.7
    php php 5.5.36
    ibm powerkvm 3.1
    redhat enterprise linux desktop 7
    redhat enterprise linux hpc node 7
    redhat enterprise linux server 7
    redhat enterprise linux workstation 7