Description

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

Remediation

References

CVE-2016-6288

Related Vulnerabilities

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Security Bypass (6.22.5)

WordPress Plugin MukioPlayer SQL Injection (1.6)

Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)

Oracle JRE CVE-2012-3213 Vulnerability (CVE-2012-3213)

WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (4.41)

Severity

Critical

Classification

CVE-2016-6288 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities