CVE-2016-3132
- Source
- https://cve.org/CVERecord?id=CVE-2016-3132
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3132.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-3132
- Downstream
- Published
- 2016-08-07T10:59:04.663Z
- Modified
- 2026-05-06T23:52:48.050363Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.3" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.4" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0.5" } ] }, { "source": "DESCRIPTION", "extracted_events": [ { "introduced": "7.x" }, { "fixed": "7.0.6" } ] } ] }- References
Affected packages
Git / github.com/php/php-src
Affected versions
Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3132.json"
vanir_signatures_modified
"2026-05-06T23:52:48Z"
vanir_signatures
[
{
"source": "https://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5",
"signature_version": "v1",
"id": "CVE-2016-3132-80891d30",
"target": {
"file": "ext/spl/spl_dllist.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"319179387729034841274760469604206168445",
"48832863698665694236481967152139719407",
"59111686446782427339145098948808976296",
"261215441993593876712539833676253033257"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5",
"signature_version": "v1",
"id": "CVE-2016-3132-89df2204",
"target": {
"function": "SPL_METHOD",
"file": "ext/spl/spl_dllist.c"
},
"deprecated": false,
"digest": {
"function_hash": "1131720695874403450086703265789160689",
"length": 864.0
},
"signature_type": "Function"
}
]