Vulnerability-Lookup

CNVD-2019-31199

Vulnerability from cnvd - Published: 2019-09-12

Title

PHP pecl-http extension缓冲区溢出漏洞

Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。pecl-http extension是其中的一个HTTP请求处理扩展模块。 PHP的pecl-http extension 3.1.0beta2及之前版本(PHP 7)和2.6.0beta2及之版本(PHP 5)中的php_http_params.c文件的‘merge_param()’函数存在缓冲区溢出漏洞，攻击者可借助特制的HTTP请求利用该漏洞执行任意代码。

Severity

高

Patch Name

PHP pecl-http extension缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83

Reference

https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83 https://bugs.php.net/bug.php?id=73055&edit=1 https://nvd.nist.gov/vuln/detail/CVE-2016-7398

Impacted products

Name
['PHPGroup pecl-http extension <=3.1.0beta2', 'PHPGroup pecl-http extension <=2.6.0beta2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7398"
    }
  },
  "description": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHPGroup\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u7684\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002pecl-http extension\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u8bf7\u6c42\u5904\u7406\u6269\u5c55\u6a21\u5757\u3002\n\nPHP\u7684pecl-http extension 3.1.0beta2\u53ca\u4e4b\u524d\u7248\u672c(PHP 7)\u548c2.6.0beta2\u53ca\u4e4b\u7248\u672c(PHP 5)\u4e2d\u7684php_http_params.c\u6587\u4ef6\u7684\u2018merge_param()\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-31199",
  "openTime": "2019-09-12",
  "patchDescription": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHPGroup\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u7684\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002pecl-http extension\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u8bf7\u6c42\u5904\u7406\u6269\u5c55\u6a21\u5757\u3002\r\n\r\nPHP\u7684pecl-http extension 3.1.0beta2\u53ca\u4e4b\u524d\u7248\u672c(PHP 7)\u548c2.6.0beta2\u53ca\u4e4b\u7248\u672c(PHP 5)\u4e2d\u7684php_http_params.c\u6587\u4ef6\u7684\u2018merge_param()\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHP pecl-http extension\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PHPGroup pecl-http extension \u003c=3.1.0beta2",
      "PHPGroup pecl-http extension \u003c=2.6.0beta2"
    ]
  },
  "referenceLink": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83\r\nhttps://bugs.php.net/bug.php?id=73055\u0026edit=1\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7398",
  "serverity": "\u9ad8",
  "submitTime": "2019-09-10",
  "title": "PHP pecl-http extension\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-7398 (GCVE-0-2016-7398)

Vulnerability from cvelistv5 – Published: 2019-09-06 18:46 – Updated: 2024-08-06 01:57

Summary

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://bugs.php.net/bug.php?id=73055	x_refsource_MISC
https://github.com/m6w6/ext-http/commit/17137d4ab…	x_refsource_MISC
https://bugs.php.net/bug.php?id=73055&edit=1	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=73055"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
          },
          {
            "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-20T20:06:12.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=73055"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
        },
        {
          "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP\u0027s pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=73055",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=73055"
            },
            {
              "name": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83",
              "refsource": "MISC",
              "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=73055\u0026edit=1",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1"
            },
            {
              "name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7398",
    "datePublished": "2019-09-06T18:46:53.000Z",
    "dateReserved": "2016-09-09T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:57:47.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-31199

CVE-2016-7398 (GCVE-0-2016-7398)

Tags

Sightings

Nomenclature