CVE-2016-7398
CRITICAL9.8EPSS 5.7%php-pecl-http - security update
發布日:2019/9/6修改日:2026/3/9
也稱為:DEBIAN-CVE-2016-7398DLA-1929-1
描述
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
受影響套件(2)
- Debian/php-pecl-httpfrom 0, < 3.1.0+2.6.0-1
- Debian/php-pecl-httpfrom 0, < 2.0.4-1+deb8u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |