CVE-2016-7398 - Vulnerability Details - OpenCVE

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Ext-http

Configuration 1 [-]

OR	cpe:2.3:a:php:ext-http::::::::
	cpe:2.3:a:php:ext-http::::::::
	cpe:2.3:a:php:ext-http:2.6.0:-::::::
	cpe:2.3:a:php:ext-http:2.6.0:beta1::::::
	cpe:2.3:a:php:ext-http:2.6.0:beta2::::::
	cpe:2.3:a:php:ext-http:2.6.0:rc1::::::
	cpe:2.3:a:php:ext-http:3.1.0:::::::*
	cpe:2.3:a:php:ext-http:3.1.0:beta1::::::
	cpe:2.3:a:php:ext-http:3.1.0:beta2::::::
	cpe:2.3:a:php:ext-http:3.1.0:rc1::::::

No data.

References

Link	Providers
https://bugs.php.net/bug.php?id=73055
https://bugs.php.net/bug.php?id=73055&edit=1
https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83
https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-06T18:46:53

Updated: 2024-08-06T01:57:47.391Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7398

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-06T19:15:11.387

Modified: 2024-11-21T02:57:55.110

Link: CVE-2016-7398

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-20T20:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7398", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=73055", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=73055"}, {"name": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83", "refsource": "MISC", "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"name": "https://bugs.php.net/bug.php?id=73055&edit=1", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1929-1] php-pecl-http security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7398", "datePublished": "2019-09-06T18:46:53", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*", "matchCriteriaId": "14147AA2-88B6-4FB1-85D2-B5E6303A01E1", "versionEndIncluding": "2.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F6F5342-02E9-47D8-9A78-C5500316CF32", "versionEndIncluding": "3.0.1", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "002D0A5C-AC9C-4834-853F-E654007B6E9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2553E007-B037-4864-8422-07E258479C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "665FFBDD-7A2C-49C2-A773-93F4C359FE89", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:2.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D58B96D-6D9B-47FB-AE57-D933F08B3C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB488CE3-0E47-4A13-9B8A-841DEE172E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D31B18B2-5326-489D-99A5-CFB9524CAB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C15E183A-FFF4-4F72-8961-F8A7194B9E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:ext-http:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "623E4BBF-D8E3-48F4-AC70-4AD4AD232BD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests."}, {"lang": "es", "value": "Una vulnerabilidad de confusi\u00f3n de tipo en la funci\u00f3n merge_param() del archivo php_http_params.c en la extensi\u00f3n pecl-http de PHP versi\u00f3n 3.1.0beta2 (PHP 7) y anteriores, as\u00ed como tambi\u00e9n versi\u00f3n 2.6.0beta2 (PHP 5) y anteriores, permite a atacantes bloquear PHP y posiblemente ejecutar c\u00f3digo arbitrario por medio de peticiones HTTP creadas."}], "id": "CVE-2016-7398", "lastModified": "2024-11-21T02:57:55.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T19:15:11.387", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73055&edit=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}