CVE-2016-4346
- Source
- https://cve.org/CVERecord?id=CVE-2016-4346
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4346.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-4346
- Downstream
- Related
- Published
- 2016-05-22T01:59:20.887Z
- Modified
- 2026-02-24T01:09:34.270623Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
- References
-
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
- http://php.net/ChangeLog-7.php
- http://www.openwall.com/lists/oss-security/2016/04/28/2
- https://bugs.php.net/bug.php?id=71637
- https://bugs.php.net/bug.php?id=71637
- https://bugs.php.net/bug.php?id=71637
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
- http://www.openwall.com/lists/oss-security/2016/04/28/2
- https://bugs.php.net/bug.php?id=71637
Affected packages
Git / github.com/php/php-src
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "ext/wddx/wddx.c"
},
"source": "https://github.com/php/php-src/commit/28e985f7ee394ec4c078880703376e0efbb8385d",
"signature_type": "Line",
"id": "CVE-2016-4346-4643faa9",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"240350071091354082169554641503322018360",
"83239604679707749811593051196119658386",
"227586690061435287287994965536507444467",
"171971468238865359835315510260595594604",
"34110307404906790365435565495275501781",
"37364056837223290377158685987933560788",
"158805433901848107125099228832282898903",
"154096422045862655651765972076311404641"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "ext/wddx/wddx.c",
"function": "php_wddx_process_data"
},
"source": "https://github.com/php/php-src/commit/28e985f7ee394ec4c078880703376e0efbb8385d",
"signature_type": "Function",
"id": "CVE-2016-4346-533d5c0a",
"deprecated": false,
"digest": {
"function_hash": "297808210448008143422161856745228178213",
"length": 1454.0
}
},
{
"signature_version": "v1",
"target": {
"file": "ext/wddx/wddx.c",
"function": "php_wddx_pop_element"
},
"source": "https://github.com/php/php-src/commit/28e985f7ee394ec4c078880703376e0efbb8385d",
"signature_type": "Function",
"id": "CVE-2016-4346-8d512a55",
"deprecated": false,
"digest": {
"function_hash": "256499925868157450184250045566717426855",
"length": 3105.0
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4346.json"