{ "threat_severity" : "Moderate", "public_date" : "2016-06-23T00:00:00Z", "bugzilla" : { "description" : "php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize", "id" : "1351179", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1351179" }, "cvss" : { "cvss_base_score" : "5.1", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "5.6", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object." ], "affected_release" : [ { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-0:2.3-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-php-0:5.6.25-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-php-pear-1:1.9.5-4.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-0:2.3-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-php-0:5.6.25-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6", "package" : "rh-php56-php-pear-1:1.9.5-4.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-0:2.3-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-0:5.6.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-pear-1:1.9.5-4.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-0:2.3-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-0:5.6.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-pear-1:1.9.5-4.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-0:2.3-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-0:5.6.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2016-11-15T00:00:00Z", "advisory" : "RHSA-2016:2750", "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7", "package" : "rh-php56-php-pear-1:1.9.5-4.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "php53", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "php54-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "php55-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5773\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5773" ], "name" : "CVE-2016-5773", "csaw" : false }