Description

Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

Remediation

References

CVE-2016-4345

Related Vulnerabilities

WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)

WordPress Plugin WooCommerce Product Feed for Google, Facebook, eBay and Many More Cross-Site Scripting (3.1.14)

WordPress Plugin Structured Content (JSON-LD) #wpsc Cross-Site Scripting (1.5)

Oracle HTTP Server Other Vulnerability (CVE-2007-0282)

WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)

Severity

Critical

Classification

CVE-2016-4345 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities