PHP virtual_file_ex DoS Vulnerability (CVE-2016-6289)
PHP virtual_file_ex DoS Vulnerability (CVE-2016-6289)
Release date:
Updated on:
Affected Systems:
PHP <5.5.38
PHP 7.x <7.0.9
PHP 5.6.x <5.6.24
Description:
CVE (CAN) ID: CVE-2016-6289
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP <5.5.38, 5.6.x <5.6.24, 7.x <7.0.9, and virtual_file_ex functions have the integer overflow security vulnerability. Remote attackers can cause DoS (stack buffer overflow ).
<* Source: PHP
*>
Suggestion:
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.php.net /? P = php-src.git; a = commit; h = 0218acb7e756a469099c4ccfb22bce6c2bd1ef87
Http://php.net/ChangeLog-5.php
Https://bugs.php.net/72513
Http://php.net/ChangeLog-7.php
This article permanently updates the link address: