CVE-2016-5114

Published: 30 May 2016

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.
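
The return-value pitfall named in the description, shown next to a checked form. This is an added example, not code from PHP's fpm_log.c; the names LOG_BUF, format_unchecked, format_checked and append, the buffer size and the sample URI are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_BUF 32 /* constructed buffer size, small so truncation is easy to see */

/* Flawed pattern: treats snprintf's return value as "bytes stored".
 * snprintf returns the length the full output WOULD have had, so for a long
 * uri the result exceeds LOG_BUF. Using it as a write length reads past the
 * buffer; using it as the next append offset makes LOG_BUF - len wrap. */
size_t format_unchecked(char *buf, const char *uri)
{
    size_t len = 0;
    len += (size_t)snprintf(buf + len, LOG_BUF - len, "uri=%s", uri);
    return len; /* may be larger than LOG_BUF */
}

/* Checked append (hypothetical helper): new length is never above cap - 1. */
static size_t append(char *buf, size_t cap, size_t len,
                     const char *fmt, const char *arg)
{
    if (len + 1 >= cap)
        return len;                 /* buffer already full */
    int n = snprintf(buf + len, cap - len, fmt, arg);
    if (n < 0)
        return len;                 /* output error: count nothing */
    if ((size_t)n >= cap - len)
        return cap - 1;             /* truncated: count only stored bytes */
    return len + (size_t)n;
}

size_t format_checked(char *buf, const char *uri, const char *status)
{
    size_t len = 0;
    len = append(buf, LOG_BUF, len, "uri=%s", uri);
    len = append(buf, LOG_BUF, len, " status=%s", status);
    return len;
}

int main(void)
{
    char buf[LOG_BUF];
    char uri[200]; /* constructed over-long request URI */
    memset(uri, 'A', sizeof uri - 1);
    uri[sizeof uri - 1] = '\0';

    printf("unchecked length: %zu (buffer is %d)\n", format_unchecked(buf, uri), LOG_BUF);
    printf("checked length:   %zu\n", format_checked(buf, uri, "200"));
    return 0;
}
```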

Priority

Low

CVSS 3 base score: 9.1

Status

Package: php5
  Upstream: Released (5.6.17+dfsg-1)
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Released (5.5.9+dfsg-1ubuntu4.19)
  Patches:
    Upstream: https://git.php.net/?p=php-src.git;a=commit;h=be19dbcb84fea0001e53cea2732c00de7ae6c371

Package: php7.0
  Upstream: Released (7.0.2)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (7.0.4-7ubuntu2.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
  Patches:
    Upstream: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f