CVE-2016-3078

high-risk
Published 2016-08-07

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

Do I need to act?

!
48.1% chance of exploitation in next 30 days
EPSS score — higher than 52% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
39742
+
Fix available
Upgrade to: 734a5fca2c4731e34eca551f28be9a10ffc3f3c9, 3b8d4de300854b3517c7acb239b84f7726c1353c
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Php

Affected Vendors

Php

References (14)

Exploit http://www.openwall.com/lists/oss-security/2016/04/28/1
Broken Link http://www.securitytracker.com/id/1035701
Exploit https://bugs.php.net/bug.php?id=71923
Patch https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w...
Release Notes https://php.net/ChangeLog-7.php
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2016-3078
Exploit https://www.exploit-db.com/exploits/39742/
Exploit http://www.openwall.com/lists/oss-security/2016/04/28/1
Broken Link http://www.securitytracker.com/id/1035701
Exploit https://bugs.php.net/bug.php?id=71923
Patch https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w...
Release Notes https://php.net/ChangeLog-7.php
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2016-3078
Exploit https://www.exploit-db.com/exploits/39742/
55
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal