CVE-2016-6288

Priority
Description
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via vectors involving the smart_str
data type.
Package
Source: hhvm (LP Ubuntu Debian)
Upstream:released (3.12.1+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.12.11+dfsg-1build1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (5.3.10-1ubuntu3.24)
Trusty/esm:released (5.5.9+dfsg-1ubuntu4.19)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (7.0.8-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=e1ba58f068f4bfc8ced75bb017cd31d8beddf3c2
More Information

Updated: 2019-04-26 14:17:38 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)