CVE - CVE-2016-4539

CVE-ID
CVE-2016-4539	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:90174 URL:http://www.securityfocus.com/bid/90174 CONFIRM:http://php.net/ChangeLog-5.php CONFIRM:http://php.net/ChangeLog-7.php CONFIRM:https://bugs.php.net/bug.php?id=72099 CONFIRM:https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 DEBIAN:DSA-3602 URL:http://www.debian.org/security/2016/dsa-3602 FEDORA:FEDORA-2016-f4e73663f4 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html GENTOO:GLSA-201611-22 URL:https://security.gentoo.org/glsa/201611-22 MLIST:[oss-security] 20160505 CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 URL:http://www.openwall.com/lists/oss-security/2016/05/05/21 REDHAT:RHSA-2016:2750 URL:http://rhn.redhat.com/errata/RHSA-2016-2750.html SUSE:openSUSE-SU-2016:1357 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html SUSE:openSUSE-SU-2016:1524 URL:http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
Assigning CNA
Debian GNU/Linux
Date Record Created
20160505	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160505)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)