CVE-2016-6296

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6296
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6296.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-6296
Downstream
Related
Published
2016-07-25T14:59:10.297Z
Modified
2026-04-11T12:02:48.179998Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpcencode_request function.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "5.6.0-alpha4"
                }
            ],
            "cpe": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "5.6.0-alpha5"
                }
            ],
            "cpe": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d5747a70cf612e653b0e56dfa50efb29bbba273d
Last affected
8648f76bac2f78391a1539253f21d62f53d83022
Last affected
326ab8b147485eeb1ca023807272bc1994bcd7de
Last affected
dae8ff251c0cdbbb0640df8277edef050fdb8854
Last affected
11d102ebbcbbd008a6e50ddc65849dfcfb568da4
Last affected
a964242f19ad029e57a62576f04e3cbab4795d03
Last affected
57e698d58263edeb5e15d78e0a968298f65a439f
Last affected
69797e81ed9917bb199d5cdc44fce6697493e1d2
Last affected
939409d36feb09b882d521ec9ceecce6999ab199
Last affected
f94c1df85fb004bb35091da5cebe730589a409b8
Last affected
df586243a3a8367d69f22990f1246dec4bbf437a
Last affected
c37265eacdd0186cb3b0bfeb0e0104c8563807ef
Last affected
b1ffeb3a7f320549cbb1873f85f0da18e9a5a6ce
Last affected
ae15e636e2b213bf748fa0b94ca95ac96d6eae3a
Last affected
effcb5a97358f01714bd833c8063a4a7abe9dff1
Last affected
7603abbc5186e276a5a68c6ef28d1728e4a37ec4
Last affected
2610d63a482e708ba28cf8e056f47412445a6c53
Last affected
c9e5f38e5b62fb6e5b60fe0759f51ab137ae8fd6
Last affected
d8e4dcdfd617f1c1c942db63527d1d3838ede7c4
Last affected
f2722bdbc60403300a033ee8091a2da31f7c90c1
Last affected
f5751638dbd77136ce5c90e7d8bd090aa655c2a3
Last affected
2f0d051bfd43315bedfff2de3137abd2c67741a6
Last affected
8eff5afaced13c9c30337c11da4920fc1d2394ce
Last affected
cb80afc366df74ec7ab701a853407a69cc148f5d
Last affected
e808a7687ecd82ea18d6a83cb1f003a84831c0e2
Last affected
62cf13d3aa08b15107b02a0505a4f30142fa37b4
Last affected
2c9fcbabe8f7780c8566d9baddb5aae36fdce84b
Last affected
e197c9b13991e569179a709574187f9e455efc0f
Last affected
50a8b9527a2317ba861ad0b660ff981f69941cfd
Last affected
23bf3f418817f80991071ec413a0f1b97481cb88
Last affected
961e562d1b7e7d67c7370022a167938641d607ea
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Last affected
e09845d32614a19188632f410316478fbb440ebd
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.37"
        },
        {
            "last_affected": "5.6.0-alpha1"
        },
        {
            "last_affected": "5.6.0-alpha2"
        },
        {
            "last_affected": "5.6.0-alpha3"
        },
        {
            "last_affected": "5.6.0-beta1"
        },
        {
            "last_affected": "5.6.0-beta2"
        },
        {
            "last_affected": "5.6.0-beta3"
        },
        {
            "last_affected": "5.6.0-beta4"
        },
        {
            "last_affected": "5.6.1"
        },
        {
            "last_affected": "5.6.2"
        },
        {
            "last_affected": "5.6.3"
        },
        {
            "last_affected": "5.6.4"
        },
        {
            "last_affected": "5.6.5"
        },
        {
            "last_affected": "5.6.6"
        },
        {
            "last_affected": "5.6.7"
        },
        {
            "last_affected": "5.6.8"
        },
        {
            "last_affected": "5.6.9"
        },
        {
            "last_affected": "5.6.10"
        },
        {
            "last_affected": "5.6.11"
        },
        {
            "last_affected": "5.6.12"
        },
        {
            "last_affected": "5.6.13"
        },
        {
            "last_affected": "5.6.14"
        },
        {
            "last_affected": "5.6.15"
        },
        {
            "last_affected": "5.6.16"
        },
        {
            "last_affected": "5.6.17"
        },
        {
            "last_affected": "5.6.18"
        },
        {
            "last_affected": "5.6.19"
        },
        {
            "last_affected": "5.6.20"
        },
        {
            "last_affected": "5.6.21"
        },
        {
            "last_affected": "5.6.22"
        },
        {
            "last_affected": "5.6.23"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "last_affected": "7.0.8"
        }
    ],
    "cpe": [
        "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*"
    ]
}

Affected versions

Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
php-5.*
php-5.5.37
php-5.6.0alpha1
php-5.6.0alpha2
php-5.6.0alpha3
php-5.6.0beta1
php-5.6.0beta2
php-5.6.0beta3
php-5.6.0beta4
php-5.6.1
php-5.6.10
php-5.6.10RC1
php-5.6.11
php-5.6.11RC1
php-5.6.12
php-5.6.12RC1
php-5.6.13
php-5.6.13RC1
php-5.6.14
php-5.6.14RC1
php-5.6.15
php-5.6.15RC1
php-5.6.16
php-5.6.16RC1
php-5.6.17
php-5.6.17RC1
php-5.6.18
php-5.6.19
php-5.6.19RC1
php-5.6.1RC1
php-5.6.2
php-5.6.20
php-5.6.20RC1
php-5.6.21
php-5.6.21RC1
php-5.6.22
php-5.6.22RC1
php-5.6.23
php-5.6.23RC1
php-5.6.3
php-5.6.3RC1
php-5.6.4
php-5.6.4RC1
php-5.6.5
php-5.6.5RC1
php-5.6.6
php-5.6.6RC1
php-5.6.7
php-5.6.7RC1
php-5.6.8
php-5.6.8RC1
php-5.6.9
php-5.6.9RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.8
php-7.0.8RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6296.json"