CVE-2016-3141

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-3141
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3141.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-3141
Downstream
Related
Published
2016-03-31T16:59:00.117Z
Modified
2026-04-11T12:01:05.452589Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.11.4"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
523bb2473470242c9b167584247bf7c6b4bcb8d5
Last affected
fc1df8e7a6886e29a6ed5bef3f674ac61164e847
Last affected
939409d36feb09b882d521ec9ceecce6999ab199
Last affected
f94c1df85fb004bb35091da5cebe730589a409b8
Last affected
df586243a3a8367d69f22990f1246dec4bbf437a
Last affected
c37265eacdd0186cb3b0bfeb0e0104c8563807ef
Last affected
b1ffeb3a7f320549cbb1873f85f0da18e9a5a6ce
Last affected
ae15e636e2b213bf748fa0b94ca95ac96d6eae3a
Last affected
effcb5a97358f01714bd833c8063a4a7abe9dff1
Last affected
7603abbc5186e276a5a68c6ef28d1728e4a37ec4
Last affected
2610d63a482e708ba28cf8e056f47412445a6c53
Last affected
c9e5f38e5b62fb6e5b60fe0759f51ab137ae8fd6
Last affected
d8e4dcdfd617f1c1c942db63527d1d3838ede7c4
Last affected
f2722bdbc60403300a033ee8091a2da31f7c90c1
Last affected
f5751638dbd77136ce5c90e7d8bd090aa655c2a3
Last affected
2f0d051bfd43315bedfff2de3137abd2c67741a6
Last affected
8eff5afaced13c9c30337c11da4920fc1d2394ce
Last affected
cb80afc366df74ec7ab701a853407a69cc148f5d
Last affected
e808a7687ecd82ea18d6a83cb1f003a84831c0e2
Last affected
62cf13d3aa08b15107b02a0505a4f30142fa37b4
Database specific 
{
    "cpe": [
        "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.32"
        },
        {
            "last_affected": "5.6.0"
        },
        {
            "last_affected": "5.6.1"
        },
        {
            "last_affected": "5.6.2"
        },
        {
            "last_affected": "5.6.3"
        },
        {
            "last_affected": "5.6.4"
        },
        {
            "last_affected": "5.6.5"
        },
        {
            "last_affected": "5.6.6"
        },
        {
            "last_affected": "5.6.7"
        },
        {
            "last_affected": "5.6.8"
        },
        {
            "last_affected": "5.6.9"
        },
        {
            "last_affected": "5.6.10"
        },
        {
            "last_affected": "5.6.11"
        },
        {
            "last_affected": "5.6.12"
        },
        {
            "last_affected": "5.6.13"
        },
        {
            "last_affected": "5.6.14"
        },
        {
            "last_affected": "5.6.15"
        },
        {
            "last_affected": "5.6.16"
        },
        {
            "last_affected": "5.6.17"
        },
        {
            "last_affected": "5.6.18"
        }
    ]
}

Affected versions

php-5.*
php-5.5.32
php-5.6.0
php-5.6.0RC1
php-5.6.0RC2
php-5.6.0RC3
php-5.6.0RC4
php-5.6.0alpha1
php-5.6.0alpha2
php-5.6.0alpha3
php-5.6.0beta1
php-5.6.0beta2
php-5.6.0beta3
php-5.6.0beta4
php-5.6.1
php-5.6.10
php-5.6.10RC1
php-5.6.11
php-5.6.11RC1
php-5.6.12
php-5.6.12RC1
php-5.6.13
php-5.6.13RC1
php-5.6.14
php-5.6.14RC1
php-5.6.15
php-5.6.15RC1
php-5.6.16
php-5.6.16RC1
php-5.6.17
php-5.6.17RC1
php-5.6.18
php-5.6.1RC1
php-5.6.2
php-5.6.3
php-5.6.3RC1
php-5.6.4
php-5.6.4RC1
php-5.6.5
php-5.6.5RC1
php-5.6.6
php-5.6.6RC1
php-5.6.7
php-5.6.7RC1
php-5.6.8
php-5.6.8RC1
php-5.6.9
php-5.6.9RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3141.json"