CVE-2016-6296
Description
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
13.001
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| a XML-RPC request library (USN-3059-1) libxmlrpc-epi0_0.54.2-1.1ubuntu0.1_i386.deb | Linux |
| a XML-RPC request library (USN-3059-1) libxmlrpc-epi0_0.54.2-1.1ubuntu0.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234