Search criteria
2 vulnerabilities found for ext-http by php
CVE-2016-7398 (GCVE-0-2016-7398)
Vulnerability from nvd – Published: 2019-09-06 18:46 – Updated: 2024-08-06 01:57
VLAI
Summary
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=73055 | x_refsource_MISC |
| https://github.com/m6w6/ext-http/commit/17137d4ab… | x_refsource_MISC |
| https://bugs.php.net/bug.php?id=73055&edit=1 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T20:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=73055",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"name": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83",
"refsource": "MISC",
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"name": "https://bugs.php.net/bug.php?id=73055\u0026edit=1",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7398",
"datePublished": "2019-09-06T18:46:53.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7398 (GCVE-0-2016-7398)
Vulnerability from cvelistv5 – Published: 2019-09-06 18:46 – Updated: 2024-08-06 01:57
VLAI
Summary
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=73055 | x_refsource_MISC |
| https://github.com/m6w6/ext-http/commit/17137d4ab… | x_refsource_MISC |
| https://bugs.php.net/bug.php?id=73055&edit=1 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T20:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=73055",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73055"
},
{
"name": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83",
"refsource": "MISC",
"url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
},
{
"name": "https://bugs.php.net/bug.php?id=73055\u0026edit=1",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7398",
"datePublished": "2019-09-06T18:46:53.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}