Candidate: CVE-2016-4346
PublicDate: 2016-05-22 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4346
Description:
 Integer overflow in the str_pad function in ext/standard/string.c in PHP
 before 7.0.4 allows remote attackers to cause a denial of service or
 possibly have unspecified other impact via a long string, leading to a
 heap-based buffer overflow.
Ubuntu-Description:
Notes:
 mdeslaur> same fix as CVE-2016-4344
Bugs:
 https://bugs.php.net/bug.php?id=71637
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_php5:
upstream_php5: needs-triage
precise_php5: not-affected (5.3.10-1ubuntu3.22)
trusty_php5: not-affected (5.5.9+dfsg-1ubuntu4.16)
trusty/esm_php5: not-affected (5.5.9+dfsg-1ubuntu4.16)
vivid/stable-phone-overlay_php5: DNE
vivid/ubuntu-core_php5: DNE
wily_php5: not-affected (5.6.11+dfsg-1ubuntu3.3)
xenial_php5: DNE
devel_php5: DNE

Patches_php7.0:
 upstream: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
upstream_php7.0: needs-triage
precise_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
vivid/ubuntu-core_php7.0: DNE
wily_php7.0: DNE
xenial_php7.0: not-affected (7.0.4-7ubuntu2)
esm-infra/xenial_php7.0: not-affected (7.0.4-7ubuntu2)
devel_php7.0: not-affected (7.0.4-7ubuntu4)