CVE 2016-6288
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
Related bugs and status
CVE-2016-6288 (Candidate) is related to these bugs:
Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist
Bug | Summary | In | Importance | Status
---|---|---|---|---
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php | Unknown | Unknown
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu Trusty) | High | Fix Released
1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu) | High | Fix Released
Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported
Bug | Summary | In | Importance | Status
---|---|---|---|---
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Wily) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Trusty) | Medium | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Yakkety) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Precise) | Medium | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Xenial) | Undecided | Fix Released
1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php | Unknown | Unknown
See the CVE page on Mitre.org for more details.