CVE-2016-5769

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5769
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5769.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5769
Downstream
Related
Published
2016-08-07T10:59:17Z
Modified
2025-09-19T08:28:41.104248Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcryptgeneric and (2) mdecryptgeneric functions.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

NEWS
NEWS-cvs2svn

php-5.*

php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "target": {
                "function": "PHP_FUNCTION",
                "file": "ext/mcrypt/mcrypt.c"
            },
            "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
            "signature_type": "Function",
            "id": "CVE-2016-5769-1e38791e",
            "signature_version": "v1",
            "digest": {
                "function_hash": "32203687252165884641521496728768875831",
                "length": 862.0
            }
        },
        {
            "deprecated": false,
            "target": {
                "file": "ext/mcrypt/mcrypt.c"
            },
            "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
            "signature_type": "Line",
            "id": "CVE-2016-5769-55804d1b",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "51506035410952857971304452021247457204",
                    "72172001877554446259020152028712961325",
                    "23823678257127232997246676589008072417",
                    "79404059840789811017829614303744673097",
                    "316716464072344995735252880437054926590",
                    "133144832525051993283200446374798660032",
                    "118513482838300105891328965937892768869",
                    "51625652530258865130886867656754007806",
                    "295643317836634352308122878734835744973",
                    "134025358562151117036277580993723995320",
                    "53308974436854345589175514518235005140",
                    "123432703830555619410399524045646703668",
                    "274948616570550046791735712048500728697",
                    "210720851221617023742770210216610377765",
                    "177805026462843861556536097778258501628",
                    "56813145111427467166561965578064048321",
                    "223104151265854851079208923612997307461",
                    "288559410707505776242260049610837333526",
                    "316380180247054606671851550130764740090",
                    "97876106383301692192878046289127180928",
                    "208353951838205513031284854184810846139",
                    "6342196596892457715155847484865779065",
                    "159658161077178262292623435235914444352",
                    "99598370577946562571323571693268916769",
                    "132319809085466114153954870450698293202",
                    "278737045554005414479725755470164590689",
                    "250776710189226611007773993594697665408",
                    "140805238188469038667873767634145958558",
                    "7917246294867735561636089688675586133",
                    "216988507954644975874447503543952492236",
                    "144144768032023746499122235626118888812",
                    "284597779767863831769247246261069047996",
                    "311545481339738867313422279474793563840",
                    "211119573682066908010309989575468849733",
                    "100097795215231351821476633483088303096",
                    "220992996265067282146780970278178871317",
                    "107541598084909458706518654133214381284",
                    "202541991194560664732682085110264128585",
                    "52937441558753884189007072066604679290",
                    "331234618074300405171622225831864524086",
                    "257079503444884391606546917934124186462",
                    "84243947060426053783898080399576939330",
                    "336858518779711385504993300302205279716",
                    "247124980182649962830344183097786259398",
                    "121568683361298879076014944275565977600",
                    "128004954384681623314411341152037075490",
                    "301638167035278486544212288584752834409",
                    "100097795215231351821476633483088303096",
                    "220992996265067282146780970278178871317",
                    "107541598084909458706518654133214381284",
                    "202541991194560664732682085110264128585",
                    "52937441558753884189007072066604679290",
                    "331234618074300405171622225831864524086",
                    "257079503444884391606546917934124186462",
                    "75228134084931234919028431746396422862",
                    "155352773046509316093793262294328817001",
                    "13403455186660695560611215518663741643",
                    "86145246426455897047514904156727235995",
                    "188852777033019140494822343138297462739",
                    "324754148634191994496627402409449644615",
                    "175579104865903254133184795791228385861",
                    "22601008373147193363680276789871320526",
                    "74540445281745428924315165972619681378",
                    "255420801090324906472929815266396959541",
                    "162537769432946825349683155901391755791",
                    "96975799624951266121804677701445254956",
                    "103468785533557990659031055583856397147",
                    "252315403845441150356496678354250565286",
                    "151250829233368440898226716357926331365",
                    "215201808504977871505075013120700520013",
                    "18831672502499337866918330311377452611",
                    "299580278152735574644232995828475895428",
                    "155197076127180644078167773684031241140",
                    "279986312986013157433602706627718252666",
                    "108301047452125326863388130017853150576",
                    "170514010436317130915511175735613213483",
                    "108922736017113226397193381149057477829",
                    "248602242773591882869656813574384500466",
                    "36109156945469671525124616816258215232",
                    "154229438767943206757522772631254928450",
                    "78292058565898487374414210089887748124",
                    "180515694519127133405569765629436103282",
                    "304831728773185010862170655875885258513",
                    "234488795535759775967096295731254665807",
                    "170859106745079581656982493293727508564",
                    "334207528516879069333591507756164587224",
                    "136727520044369131010052322533621687398",
                    "61468977851291990280253725791132724184",
                    "135641433211218751652614218211095362778",
                    "257549267008996386706894294192708957288",
                    "46291942419385322720909956551004814703",
                    "233620863120751232504296121429457283118",
                    "85562807094942212385892328126888618011",
                    "100095825349509908195338522571750480883",
                    "328496963986535805628545629451043376050",
                    "135641433211218751652614218211095362778",
                    "257549267008996386706894294192708957288",
                    "46291942419385322720909956551004814703",
                    "233620863120751232504296121429457283118",
                    "85562807094942212385892328126888618011",
                    "100095825349509908195338522571750480883",
                    "100348104150133730394512559551230086608",
                    "135641433211218751652614218211095362778",
                    "257549267008996386706894294192708957288",
                    "46291942419385322720909956551004814703",
                    "233620863120751232504296121429457283118",
                    "85562807094942212385892328126888618011",
                    "100095825349509908195338522571750480883",
                    "301573750849398086378845885227182347856",
                    "117817571386698067686278134268543032382",
                    "287326778485284824982418201603911521488",
                    "24806138375808426109235208627063891857",
                    "61398350717050256986935933096970754420",
                    "303738838654397750216294390935270730471",
                    "109749136095992164661187314812086475520",
                    "212266597988963097289511345811854796640",
                    "299544998759735810050106115221178716793",
                    "68031016633594820525298371051549615338",
                    "111926662012073738239301109070640886283",
                    "31211932290491138503227412964743486197",
                    "110801374305237676970892805118599050489",
                    "195169520647841281508698925553470587011",
                    "335296780347695821369198737553037977839",
                    "12369752586288775198331732775728915977",
                    "288964730139838176488296619888833475764",
                    "335296780347695821369198737553037977839",
                    "17962964901532148310780237221743924819",
                    "4767300045298642612497977623740616635",
                    "195169520647841281508698925553470587011",
                    "147453028855202707556953789647212694254",
                    "265356837420500244845628611412360869505",
                    "195169520647841281508698925553470587011",
                    "147453028855202707556953789647212694254",
                    "315590220896055998011731486200456525145",
                    "195169520647841281508698925553470587011",
                    "147453028855202707556953789647212694254",
                    "22535166875373283639256524650756501389",
                    "270997869577157866668476803573983228760",
                    "145017492755142150959001266500335728958",
                    "175433688630597055633269836258843103104",
                    "91241541222137125244099323202064099966"
                ],
                "threshold": 0.9
            }
        },
        {
            "deprecated": false,
            "target": {
                "function": "PHP_FUNCTION",
                "file": "ext/mcrypt/mcrypt.c"
            },
            "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0",
            "signature_type": "Function",
            "id": "CVE-2016-5769-c3279c15",
            "signature_version": "v1",
            "digest": {
                "function_hash": "137476818522515136001851650963337495428",
                "length": 832.0
            }
        }
    ]
}