CVE-2016-5769

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5769
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5769.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5769
Downstream
Related
Published
2016-08-07T10:59:17Z
Modified
2025-10-15T08:18:16.936006Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcryptgeneric and (2) mdecryptgeneric functions.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

NEWS
NEWS-cvs2svn

php-5.*

php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "PHP_FUNCTION",
            "file": "ext/mcrypt/mcrypt.c"
        },
        "id": "CVE-2016-5769-1e38791e",
        "digest": {
            "function_hash": "32203687252165884641521496728768875831",
            "length": 862.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "ext/mcrypt/mcrypt.c"
        },
        "id": "CVE-2016-5769-55804d1b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "51506035410952857971304452021247457204",
                "72172001877554446259020152028712961325",
                "23823678257127232997246676589008072417",
                "79404059840789811017829614303744673097",
                "316716464072344995735252880437054926590",
                "133144832525051993283200446374798660032",
                "118513482838300105891328965937892768869",
                "51625652530258865130886867656754007806",
                "295643317836634352308122878734835744973",
                "134025358562151117036277580993723995320",
                "53308974436854345589175514518235005140",
                "123432703830555619410399524045646703668",
                "274948616570550046791735712048500728697",
                "210720851221617023742770210216610377765",
                "177805026462843861556536097778258501628",
                "56813145111427467166561965578064048321",
                "223104151265854851079208923612997307461",
                "288559410707505776242260049610837333526",
                "316380180247054606671851550130764740090",
                "97876106383301692192878046289127180928",
                "208353951838205513031284854184810846139",
                "6342196596892457715155847484865779065",
                "159658161077178262292623435235914444352",
                "99598370577946562571323571693268916769",
                "132319809085466114153954870450698293202",
                "278737045554005414479725755470164590689",
                "250776710189226611007773993594697665408",
                "140805238188469038667873767634145958558",
                "7917246294867735561636089688675586133",
                "216988507954644975874447503543952492236",
                "144144768032023746499122235626118888812",
                "284597779767863831769247246261069047996",
                "311545481339738867313422279474793563840",
                "211119573682066908010309989575468849733",
                "100097795215231351821476633483088303096",
                "220992996265067282146780970278178871317",
                "107541598084909458706518654133214381284",
                "202541991194560664732682085110264128585",
                "52937441558753884189007072066604679290",
                "331234618074300405171622225831864524086",
                "257079503444884391606546917934124186462",
                "84243947060426053783898080399576939330",
                "336858518779711385504993300302205279716",
                "247124980182649962830344183097786259398",
                "121568683361298879076014944275565977600",
                "128004954384681623314411341152037075490",
                "301638167035278486544212288584752834409",
                "100097795215231351821476633483088303096",
                "220992996265067282146780970278178871317",
                "107541598084909458706518654133214381284",
                "202541991194560664732682085110264128585",
                "52937441558753884189007072066604679290",
                "331234618074300405171622225831864524086",
                "257079503444884391606546917934124186462",
                "75228134084931234919028431746396422862",
                "155352773046509316093793262294328817001",
                "13403455186660695560611215518663741643",
                "86145246426455897047514904156727235995",
                "188852777033019140494822343138297462739",
                "324754148634191994496627402409449644615",
                "175579104865903254133184795791228385861",
                "22601008373147193363680276789871320526",
                "74540445281745428924315165972619681378",
                "255420801090324906472929815266396959541",
                "162537769432946825349683155901391755791",
                "96975799624951266121804677701445254956",
                "103468785533557990659031055583856397147",
                "252315403845441150356496678354250565286",
                "151250829233368440898226716357926331365",
                "215201808504977871505075013120700520013",
                "18831672502499337866918330311377452611",
                "299580278152735574644232995828475895428",
                "155197076127180644078167773684031241140",
                "279986312986013157433602706627718252666",
                "108301047452125326863388130017853150576",
                "170514010436317130915511175735613213483",
                "108922736017113226397193381149057477829",
                "248602242773591882869656813574384500466",
                "36109156945469671525124616816258215232",
                "154229438767943206757522772631254928450",
                "78292058565898487374414210089887748124",
                "180515694519127133405569765629436103282",
                "304831728773185010862170655875885258513",
                "234488795535759775967096295731254665807",
                "170859106745079581656982493293727508564",
                "334207528516879069333591507756164587224",
                "136727520044369131010052322533621687398",
                "61468977851291990280253725791132724184",
                "135641433211218751652614218211095362778",
                "257549267008996386706894294192708957288",
                "46291942419385322720909956551004814703",
                "233620863120751232504296121429457283118",
                "85562807094942212385892328126888618011",
                "100095825349509908195338522571750480883",
                "328496963986535805628545629451043376050",
                "135641433211218751652614218211095362778",
                "257549267008996386706894294192708957288",
                "46291942419385322720909956551004814703",
                "233620863120751232504296121429457283118",
                "85562807094942212385892328126888618011",
                "100095825349509908195338522571750480883",
                "100348104150133730394512559551230086608",
                "135641433211218751652614218211095362778",
                "257549267008996386706894294192708957288",
                "46291942419385322720909956551004814703",
                "233620863120751232504296121429457283118",
                "85562807094942212385892328126888618011",
                "100095825349509908195338522571750480883",
                "301573750849398086378845885227182347856",
                "117817571386698067686278134268543032382",
                "287326778485284824982418201603911521488",
                "24806138375808426109235208627063891857",
                "61398350717050256986935933096970754420",
                "303738838654397750216294390935270730471",
                "109749136095992164661187314812086475520",
                "212266597988963097289511345811854796640",
                "299544998759735810050106115221178716793",
                "68031016633594820525298371051549615338",
                "111926662012073738239301109070640886283",
                "31211932290491138503227412964743486197",
                "110801374305237676970892805118599050489",
                "195169520647841281508698925553470587011",
                "335296780347695821369198737553037977839",
                "12369752586288775198331732775728915977",
                "288964730139838176488296619888833475764",
                "335296780347695821369198737553037977839",
                "17962964901532148310780237221743924819",
                "4767300045298642612497977623740616635",
                "195169520647841281508698925553470587011",
                "147453028855202707556953789647212694254",
                "265356837420500244845628611412360869505",
                "195169520647841281508698925553470587011",
                "147453028855202707556953789647212694254",
                "315590220896055998011731486200456525145",
                "195169520647841281508698925553470587011",
                "147453028855202707556953789647212694254",
                "22535166875373283639256524650756501389",
                "270997869577157866668476803573983228760",
                "145017492755142150959001266500335728958",
                "175433688630597055633269836258843103104",
                "91241541222137125244099323202064099966"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "PHP_FUNCTION",
            "file": "ext/mcrypt/mcrypt.c"
        },
        "id": "CVE-2016-5769-c3279c15",
        "digest": {
            "function_hash": "137476818522515136001851650963337495428",
            "length": 832.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
        "signature_type": "Function"
    }
]