CVE-2016-4070

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says Not sure if this qualifies as security issue (probably not).

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	*	5.5.33 (including)
Php	Php	5.6.0-alpha1 (including)	5.6.0-alpha1 (including)
Php	Php	5.6.0-alpha2 (including)	5.6.0-alpha2 (including)
Php	Php	5.6.0-alpha3 (including)	5.6.0-alpha3 (including)
Php	Php	5.6.0-alpha4 (including)	5.6.0-alpha4 (including)
Php	Php	5.6.0-alpha5 (including)	5.6.0-alpha5 (including)
Php	Php	5.6.0-beta1 (including)	5.6.0-beta1 (including)
Php	Php	5.6.0-beta2 (including)	5.6.0-beta2 (including)
Php	Php	5.6.0-beta3 (including)	5.6.0-beta3 (including)
Php	Php	5.6.0-beta4 (including)	5.6.0-beta4 (including)
Php	Php	5.6.1 (including)	5.6.1 (including)
Php	Php	5.6.2 (including)	5.6.2 (including)
Php	Php	5.6.3 (including)	5.6.3 (including)
Php	Php	5.6.4 (including)	5.6.4 (including)
Php	Php	5.6.5 (including)	5.6.5 (including)
Php	Php	5.6.6 (including)	5.6.6 (including)
Php	Php	5.6.7 (including)	5.6.7 (including)
Php	Php	5.6.8 (including)	5.6.8 (including)
Php	Php	5.6.9 (including)	5.6.9 (including)
Php	Php	5.6.10 (including)	5.6.10 (including)
Php	Php	5.6.11 (including)	5.6.11 (including)
Php	Php	5.6.12 (including)	5.6.12 (including)
Php	Php	5.6.13 (including)	5.6.13 (including)
Php	Php	5.6.14 (including)	5.6.14 (including)
Php	Php	5.6.15 (including)	5.6.15 (including)
Php	Php	5.6.16 (including)	5.6.16 (including)
Php	Php	5.6.17 (including)	5.6.17 (including)
Php	Php	5.6.18 (including)	5.6.18 (including)
Php	Php	5.6.19 (including)	5.6.19 (including)
Php	Php	7.0.0 (including)	7.0.0 (including)
Php	Php	7.0.1 (including)	7.0.1 (including)
Php	Php	7.0.2 (including)	7.0.2 (including)
Php	Php	7.0.3 (including)	7.0.3 (including)
Php	Php	7.0.4 (including)	7.0.4 (including)
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	rh-php56-0:2.3-1.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	rh-php56-php-0:5.6.25-1.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	rh-php56-php-pear-1:1.9.5-4.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	RedHat	rh-php56-0:2.3-1.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	RedHat	rh-php56-php-0:5.6.25-1.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	RedHat	rh-php56-php-pear-1:1.9.5-4.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-php56-0:2.3-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-php56-php-0:5.6.25-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-php56-php-pear-1:1.9.5-4.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS	RedHat	rh-php56-0:2.3-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS	RedHat	rh-php56-php-0:5.6.25-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS	RedHat	rh-php56-php-pear-1:1.9.5-4.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	RedHat	rh-php56-0:2.3-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	RedHat	rh-php56-php-0:5.6.25-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS	RedHat	rh-php56-php-pear-1:1.9.5-4.el7	*
Php5	Ubuntu	esm-infra-legacy/trusty	*
Php5	Ubuntu	precise	*
Php5	Ubuntu	trusty	*
Php5	Ubuntu	trusty/esm	*
Php5	Ubuntu	upstream	*
Php5	Ubuntu	wily	*
Php7.0	Ubuntu	esm-infra/xenial	*
Php7.0	Ubuntu	upstream	*
Php7.0	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4070
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References