CVE-2016-3185

Published: 22 March 2016

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package   Release                            Status
php5      Upstream                           Released (5.6.12)
          Ubuntu 16.04 ESM (Xenial Xerus)    Does not exist
          Ubuntu 14.04 ESM (Trusty Tahr)     Released (5.5.9+dfsg-1ubuntu4.16)
          Patches:
          Upstream: http://git.php.net/?p=php-src.git;a=commit;h=c96d08b27226193dd51f2b50e84272235c6aaa69

php7.0    Upstream                           Released (7.0.4)
          Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (7.0.4-5ubuntu2)
          Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist
          Patches:
          Upstream: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba

(Package tracking links: Launchpad, Ubuntu, Debian)

Notes

Author: mdeslaur
Note: bug 71610 is for basically the same issue as 70081 that got reverted
by mistake at some point. This CVE is for the second part
of bug 70081.
See CVE-2015-8835 for the first part.
