CVE-2016-5769
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5769
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5769.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5769
- Downstream
- Related
- Published
- 2016-08-07T10:59:17Z
- Modified
- 2025-09-19T08:28:41.104248Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcryptgeneric and (2) mdecryptgeneric functions.
- References
-
- http://php.net/ChangeLog-5.php
- http://www.debian.org/security/2016/dsa-3618
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- https://bugs.php.net/bug.php?id=72455
- http://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0?w=1
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/91399
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://support.apple.com/HT207170
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
NEWS
NEWS-cvs2svn
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"target": {
"function": "PHP_FUNCTION",
"file": "ext/mcrypt/mcrypt.c"
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Function",
"id": "CVE-2016-5769-1e38791e",
"signature_version": "v1",
"digest": {
"function_hash": "32203687252165884641521496728768875831",
"length": 862.0
}
},
{
"deprecated": false,
"target": {
"file": "ext/mcrypt/mcrypt.c"
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Line",
"id": "CVE-2016-5769-55804d1b",
"signature_version": "v1",
"digest": {
"line_hashes": [
"51506035410952857971304452021247457204",
"72172001877554446259020152028712961325",
"23823678257127232997246676589008072417",
"79404059840789811017829614303744673097",
"316716464072344995735252880437054926590",
"133144832525051993283200446374798660032",
"118513482838300105891328965937892768869",
"51625652530258865130886867656754007806",
"295643317836634352308122878734835744973",
"134025358562151117036277580993723995320",
"53308974436854345589175514518235005140",
"123432703830555619410399524045646703668",
"274948616570550046791735712048500728697",
"210720851221617023742770210216610377765",
"177805026462843861556536097778258501628",
"56813145111427467166561965578064048321",
"223104151265854851079208923612997307461",
"288559410707505776242260049610837333526",
"316380180247054606671851550130764740090",
"97876106383301692192878046289127180928",
"208353951838205513031284854184810846139",
"6342196596892457715155847484865779065",
"159658161077178262292623435235914444352",
"99598370577946562571323571693268916769",
"132319809085466114153954870450698293202",
"278737045554005414479725755470164590689",
"250776710189226611007773993594697665408",
"140805238188469038667873767634145958558",
"7917246294867735561636089688675586133",
"216988507954644975874447503543952492236",
"144144768032023746499122235626118888812",
"284597779767863831769247246261069047996",
"311545481339738867313422279474793563840",
"211119573682066908010309989575468849733",
"100097795215231351821476633483088303096",
"220992996265067282146780970278178871317",
"107541598084909458706518654133214381284",
"202541991194560664732682085110264128585",
"52937441558753884189007072066604679290",
"331234618074300405171622225831864524086",
"257079503444884391606546917934124186462",
"84243947060426053783898080399576939330",
"336858518779711385504993300302205279716",
"247124980182649962830344183097786259398",
"121568683361298879076014944275565977600",
"128004954384681623314411341152037075490",
"301638167035278486544212288584752834409",
"100097795215231351821476633483088303096",
"220992996265067282146780970278178871317",
"107541598084909458706518654133214381284",
"202541991194560664732682085110264128585",
"52937441558753884189007072066604679290",
"331234618074300405171622225831864524086",
"257079503444884391606546917934124186462",
"75228134084931234919028431746396422862",
"155352773046509316093793262294328817001",
"13403455186660695560611215518663741643",
"86145246426455897047514904156727235995",
"188852777033019140494822343138297462739",
"324754148634191994496627402409449644615",
"175579104865903254133184795791228385861",
"22601008373147193363680276789871320526",
"74540445281745428924315165972619681378",
"255420801090324906472929815266396959541",
"162537769432946825349683155901391755791",
"96975799624951266121804677701445254956",
"103468785533557990659031055583856397147",
"252315403845441150356496678354250565286",
"151250829233368440898226716357926331365",
"215201808504977871505075013120700520013",
"18831672502499337866918330311377452611",
"299580278152735574644232995828475895428",
"155197076127180644078167773684031241140",
"279986312986013157433602706627718252666",
"108301047452125326863388130017853150576",
"170514010436317130915511175735613213483",
"108922736017113226397193381149057477829",
"248602242773591882869656813574384500466",
"36109156945469671525124616816258215232",
"154229438767943206757522772631254928450",
"78292058565898487374414210089887748124",
"180515694519127133405569765629436103282",
"304831728773185010862170655875885258513",
"234488795535759775967096295731254665807",
"170859106745079581656982493293727508564",
"334207528516879069333591507756164587224",
"136727520044369131010052322533621687398",
"61468977851291990280253725791132724184",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"328496963986535805628545629451043376050",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"100348104150133730394512559551230086608",
"135641433211218751652614218211095362778",
"257549267008996386706894294192708957288",
"46291942419385322720909956551004814703",
"233620863120751232504296121429457283118",
"85562807094942212385892328126888618011",
"100095825349509908195338522571750480883",
"301573750849398086378845885227182347856",
"117817571386698067686278134268543032382",
"287326778485284824982418201603911521488",
"24806138375808426109235208627063891857",
"61398350717050256986935933096970754420",
"303738838654397750216294390935270730471",
"109749136095992164661187314812086475520",
"212266597988963097289511345811854796640",
"299544998759735810050106115221178716793",
"68031016633594820525298371051549615338",
"111926662012073738239301109070640886283",
"31211932290491138503227412964743486197",
"110801374305237676970892805118599050489",
"195169520647841281508698925553470587011",
"335296780347695821369198737553037977839",
"12369752586288775198331732775728915977",
"288964730139838176488296619888833475764",
"335296780347695821369198737553037977839",
"17962964901532148310780237221743924819",
"4767300045298642612497977623740616635",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"265356837420500244845628611412360869505",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"315590220896055998011731486200456525145",
"195169520647841281508698925553470587011",
"147453028855202707556953789647212694254",
"22535166875373283639256524650756501389",
"270997869577157866668476803573983228760",
"145017492755142150959001266500335728958",
"175433688630597055633269836258843103104",
"91241541222137125244099323202064099966"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"function": "PHP_FUNCTION",
"file": "ext/mcrypt/mcrypt.c"
},
"source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
"signature_type": "Function",
"id": "CVE-2016-5769-c3279c15",
"signature_version": "v1",
"digest": {
"function_hash": "137476818522515136001851650963337495428",
"length": 832.0
}
}
]
}