CVE-2016-4473
Published: 8 June 2017
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
Notes
Author | Note |
---|---|
mdeslaur | introduced in fix for CVE-2015-6833 on 5.6 only by this commit: https://git.php.net/?p=php-src.git;a=commitdiff;h=eb7ba73079b73ca4ef91307ae1ef30b43468717b; 5.5 is not affected |
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
php5 (Launchpad, Ubuntu, Debian) | upstream | Released (5.6.23) |
php5 | precise | Not vulnerable (5.3.10-1ubuntu3.24) |
php5 | trusty | Not vulnerable (5.5.9+dfsg-1ubuntu4.19) |
php5 | xenial | Does not exist |
php7.0 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
php7.0 | precise | Does not exist |
php7.0 | trusty | Does not exist |
php7.0 | xenial | Not vulnerable (7.0.8-0ubuntu0.16.04.2) |

Patches (php5): upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84