ByteOS Network

Vulnerability Details :

CVE-2016-7129

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-12 Sep, 2016 | 01:00

Updated At-06 Aug, 2024 | 01:50

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:12 Sep, 2016 | 01:00

Updated At:06 Aug, 2024 | 01:50

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.php.net/ChangeLog-7.php	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201611-22	vendor-advisory x_refsource_GENTOO
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1	x_refsource_CONFIRM
http://www.securitytracker.com/id/1036680	vdb-entry x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2750.html	vendor-advisory x_refsource_REDHAT
http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM
https://www.tenable.com/security/tns-2016-19	x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2016/09/02/9	mailing-list x_refsource_MLIST
https://bugs.php.net/bug.php?id=72749	x_refsource_CONFIRM
http://www.securityfocus.com/bid/92758	vdb-entry x_refsource_BID

Hyperlink: http://www.php.net/ChangeLog-7.php

Resource:

x_refsource_CONFIRM

Hyperlink: https://security.gentoo.org/glsa/201611-22

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securitytracker.com/id/1036680

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.php.net/ChangeLog-5.php

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.tenable.com/security/tns-2016-19

Resource:

x_refsource_CONFIRM

Hyperlink: http://openwall.com/lists/oss-security/2016/09/02/9

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://bugs.php.net/bug.php?id=72749

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/92758

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.php.net/ChangeLog-7.php	x_refsource_CONFIRM x_transferred
https://security.gentoo.org/glsa/201611-22	vendor-advisory x_refsource_GENTOO x_transferred
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1036680	vdb-entry x_refsource_SECTRACK x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2750.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM x_transferred
https://www.tenable.com/security/tns-2016-19	x_refsource_CONFIRM x_transferred
http://openwall.com/lists/oss-security/2016/09/02/9	mailing-list x_refsource_MLIST x_transferred
https://bugs.php.net/bug.php?id=72749	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/92758	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://www.php.net/ChangeLog-7.php

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201611-22

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securitytracker.com/id/1036680

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2750.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.php.net/ChangeLog-5.php

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.tenable.com/security/tns-2016-19

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://openwall.com/lists/oss-security/2016/09/02/9

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://bugs.php.net/bug.php?id=72749

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/92758

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:12 Sep, 2016 | 01:59

Updated At:12 Apr, 2025 | 10:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

The PHP Group

>>php>>7.0.0

cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.1

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.2

cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.3

cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.4

cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.5

cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.6

cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.7

cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.8

cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*

The PHP Group

>>php>>7.0.9

cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*

The PHP Group

>>php>>Versions up to 5.6.24(inclusive)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://openwall.com/lists/oss-security/2016/09/02/9	cve@mitre.org	Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2750.html	cve@mitre.org	N/A
http://www.php.net/ChangeLog-5.php	cve@mitre.org	Release Notes
http://www.php.net/ChangeLog-7.php	cve@mitre.org	Release Notes
http://www.securityfocus.com/bid/92758	cve@mitre.org	N/A
http://www.securitytracker.com/id/1036680	cve@mitre.org	N/A
https://bugs.php.net/bug.php?id=72749	cve@mitre.org	Exploit Issue Tracking
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1	cve@mitre.org	Issue Tracking Patch
https://security.gentoo.org/glsa/201611-22	cve@mitre.org	N/A
https://www.tenable.com/security/tns-2016-19	cve@mitre.org	N/A
http://openwall.com/lists/oss-security/2016/09/02/9	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2750.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.php.net/ChangeLog-5.php	af854a3a-2127-422b-91ae-364da2661108	Release Notes
http://www.php.net/ChangeLog-7.php	af854a3a-2127-422b-91ae-364da2661108	Release Notes
http://www.securityfocus.com/bid/92758	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1036680	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugs.php.net/bug.php?id=72749	af854a3a-2127-422b-91ae-364da2661108	Exploit Issue Tracking
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Patch
https://security.gentoo.org/glsa/201611-22	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.tenable.com/security/tns-2016-19	af854a3a-2127-422b-91ae-364da2661108	N/A