Your submission was sent successfully! Close

CVE-2016-7133

Published: 11 September 2016

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.0.10-1)
xenial
Released (7.0.8-0ubuntu0.16.04.3)