CVE-2016-7398

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.

Published : 2019-09-06 19:15 Updated : 2019-09-20 21:15

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Php Ext-http 2.5.6 cpe:/a:php:ext-http:2.5.6
Php Ext-http 2.6.0 cpe:/a:php:ext-http:2.6.0:-
Php Ext-http 2.6.0 cpe:/a:php:ext-http:2.6.0:beta1
Php Ext-http 2.6.0 cpe:/a:php:ext-http:2.6.0:beta2
Php Ext-http 2.6.0 cpe:/a:php:ext-http:2.6.0:rc1
Php Ext-http 3.1.0 cpe:/a:php:ext-http:3.1.0
Php Ext-http 3.1.0 cpe:/a:php:ext-http:3.1.0:beta1
Php Ext-http 3.1.0 cpe:/a:php:ext-http:3.1.0:beta2
Php Ext-http 3.1.0 cpe:/a:php:ext-http:3.1.0:rc1
Php Ext-http 3.0.0 cpe:/a:php:ext-http:3.0.0:-
Php Ext-http 3.0.0.rc1 cpe:/a:php:ext-http:3.0.0.rc1
Php Ext-http 3.0.1 cpe:/a:php:ext-http:3.0.1
  1. Php (1) Search CVE
    1. Ext-http (6) Search CVE
      1. 2.5.6
      2. 2.6.0
      3. 3.1.0
      4. 3.0.0
      5. 3.0.0.rc1
      6. 3.0.1

CWE

ID Name Description Links
CWE-704 Incorrect Type Conversion or Cast The software does not correctly convert an object, resource or structure from one type to a different type. CVE

History of changes

Date Event
2019-09-20 21:15
2019-09-10 14:25
2019-09-06 19:32

New CVE