CVE-2016-7398

Priority
Description
A type confusion vulnerability in the merge_param() function of
php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and
earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash
PHP and possibly execute arbitrary code via crafted HTTP requests.
Notes
Package
Upstream:released (3.1.0+2.6.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.1.0+2.6.0-4build8)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.1.0+2.6.0-4build8)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (3.1.0+2.6.0-4build8)
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.1.0+2.6.0-4build8)
More Information

Updated: 2020-06-26 13:14:33 UTC (commit 1a87ea640652472e210782b9405b2f2f9b73119d)