Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcryptgeneric and (2) mdecryptgeneric functions.
{ "vanir_signatures": [ { "deprecated": false, "target": { "function": "PHP_FUNCTION", "file": "ext/mcrypt/mcrypt.c" }, "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0", "signature_type": "Function", "id": "CVE-2016-5769-1e38791e", "signature_version": "v1", "digest": { "function_hash": "32203687252165884641521496728768875831", "length": 862.0 } }, { "deprecated": false, "target": { "file": "ext/mcrypt/mcrypt.c" }, "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0", "signature_type": "Line", "id": "CVE-2016-5769-55804d1b", "signature_version": "v1", "digest": { "line_hashes": [ "51506035410952857971304452021247457204", "72172001877554446259020152028712961325", "23823678257127232997246676589008072417", "79404059840789811017829614303744673097", "316716464072344995735252880437054926590", "133144832525051993283200446374798660032", "118513482838300105891328965937892768869", "51625652530258865130886867656754007806", "295643317836634352308122878734835744973", "134025358562151117036277580993723995320", "53308974436854345589175514518235005140", "123432703830555619410399524045646703668", "274948616570550046791735712048500728697", "210720851221617023742770210216610377765", "177805026462843861556536097778258501628", "56813145111427467166561965578064048321", "223104151265854851079208923612997307461", "288559410707505776242260049610837333526", "316380180247054606671851550130764740090", "97876106383301692192878046289127180928", "208353951838205513031284854184810846139", "6342196596892457715155847484865779065", "159658161077178262292623435235914444352", "99598370577946562571323571693268916769", "132319809085466114153954870450698293202", "278737045554005414479725755470164590689", "250776710189226611007773993594697665408", "140805238188469038667873767634145958558", "7917246294867735561636089688675586133", "216988507954644975874447503543952492236", "144144768032023746499122235626118888812", "284597779767863831769247246261069047996", "311545481339738867313422279474793563840", "211119573682066908010309989575468849733", "100097795215231351821476633483088303096", "220992996265067282146780970278178871317", "107541598084909458706518654133214381284", "202541991194560664732682085110264128585", "52937441558753884189007072066604679290", "331234618074300405171622225831864524086", "257079503444884391606546917934124186462", "84243947060426053783898080399576939330", "336858518779711385504993300302205279716", "247124980182649962830344183097786259398", "121568683361298879076014944275565977600", "128004954384681623314411341152037075490", "301638167035278486544212288584752834409", "100097795215231351821476633483088303096", "220992996265067282146780970278178871317", "107541598084909458706518654133214381284", "202541991194560664732682085110264128585", "52937441558753884189007072066604679290", "331234618074300405171622225831864524086", "257079503444884391606546917934124186462", "75228134084931234919028431746396422862", "155352773046509316093793262294328817001", "13403455186660695560611215518663741643", "86145246426455897047514904156727235995", "188852777033019140494822343138297462739", "324754148634191994496627402409449644615", "175579104865903254133184795791228385861", "22601008373147193363680276789871320526", "74540445281745428924315165972619681378", "255420801090324906472929815266396959541", "162537769432946825349683155901391755791", "96975799624951266121804677701445254956", "103468785533557990659031055583856397147", "252315403845441150356496678354250565286", "151250829233368440898226716357926331365", "215201808504977871505075013120700520013", "18831672502499337866918330311377452611", "299580278152735574644232995828475895428", "155197076127180644078167773684031241140", "279986312986013157433602706627718252666", "108301047452125326863388130017853150576", "170514010436317130915511175735613213483", "108922736017113226397193381149057477829", "248602242773591882869656813574384500466", "36109156945469671525124616816258215232", "154229438767943206757522772631254928450", "78292058565898487374414210089887748124", "180515694519127133405569765629436103282", "304831728773185010862170655875885258513", "234488795535759775967096295731254665807", "170859106745079581656982493293727508564", "334207528516879069333591507756164587224", "136727520044369131010052322533621687398", "61468977851291990280253725791132724184", "135641433211218751652614218211095362778", "257549267008996386706894294192708957288", "46291942419385322720909956551004814703", "233620863120751232504296121429457283118", "85562807094942212385892328126888618011", "100095825349509908195338522571750480883", "328496963986535805628545629451043376050", "135641433211218751652614218211095362778", "257549267008996386706894294192708957288", "46291942419385322720909956551004814703", "233620863120751232504296121429457283118", "85562807094942212385892328126888618011", "100095825349509908195338522571750480883", "100348104150133730394512559551230086608", "135641433211218751652614218211095362778", "257549267008996386706894294192708957288", "46291942419385322720909956551004814703", "233620863120751232504296121429457283118", "85562807094942212385892328126888618011", "100095825349509908195338522571750480883", "301573750849398086378845885227182347856", "117817571386698067686278134268543032382", "287326778485284824982418201603911521488", "24806138375808426109235208627063891857", "61398350717050256986935933096970754420", "303738838654397750216294390935270730471", "109749136095992164661187314812086475520", "212266597988963097289511345811854796640", "299544998759735810050106115221178716793", "68031016633594820525298371051549615338", "111926662012073738239301109070640886283", "31211932290491138503227412964743486197", "110801374305237676970892805118599050489", "195169520647841281508698925553470587011", "335296780347695821369198737553037977839", "12369752586288775198331732775728915977", "288964730139838176488296619888833475764", "335296780347695821369198737553037977839", "17962964901532148310780237221743924819", "4767300045298642612497977623740616635", "195169520647841281508698925553470587011", "147453028855202707556953789647212694254", "265356837420500244845628611412360869505", "195169520647841281508698925553470587011", "147453028855202707556953789647212694254", "315590220896055998011731486200456525145", "195169520647841281508698925553470587011", "147453028855202707556953789647212694254", "22535166875373283639256524650756501389", "270997869577157866668476803573983228760", "145017492755142150959001266500335728958", "175433688630597055633269836258843103104", "91241541222137125244099323202064099966" ], "threshold": 0.9 } }, { "deprecated": false, "target": { "function": "PHP_FUNCTION", "file": "ext/mcrypt/mcrypt.c" }, "source": "https://github.com/php/php-src/commit/6c5211a0cef0cc2854eaa387e0eb036e012904d0", "signature_type": "Function", "id": "CVE-2016-5769-c3279c15", "signature_version": "v1", "digest": { "function_hash": "137476818522515136001851650963337495428", "length": 832.0 } } ] }