CVE-2016-5095

high-risk
Published 2016-08-07

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.

Do I need to act?

-
0.95% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (20)

Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php

Affected Vendors

Php

References (12)

Release Notes http://php.net/ChangeLog-5.php
http://www.debian.org/security/2016/dsa-3602
Release Notes http://www.openwall.com/lists/oss-security/2016/05/26/3
http://www.securityfocus.com/bid/92144
https://bugs.php.net/bug.php?id=72135
https://gist.github.com/8ef775c117d84ff15185953990a28576
Release Notes http://php.net/ChangeLog-5.php
http://www.debian.org/security/2016/dsa-3602
Release Notes http://www.openwall.com/lists/oss-security/2016/05/26/3
http://www.securityfocus.com/bid/92144
https://bugs.php.net/bug.php?id=72135
https://gist.github.com/8ef775c117d84ff15185953990a28576
55
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 3/34 · Minimal
Exposure 23/34 · High