CVE-2016-3142
PUBLISHED
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Risk Scores
EPSS Score
4.30%
89.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | php5 | 5.5.6+dfsg-1ubuntu1, 5.5.6+dfsg-1ubuntu2, 5.5.8+dfsg-2ubuntu1 |
Exploit Intelligence
- Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617. (github-poc)
Timeline
- Mar 31, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-3142 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/03/10/5 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/03/13/2 third-party-advisory
- https://ubuntu.com/security/notices/USN-2952-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-3142 third-party-advisory