CVE-2016-3078

CRITICAL

Php < 7.0.6 - Integer Overflow

Title source: rule

Description

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.

Exploits (1)

exploitdb WORKING POC

by Hans Jerry Illikainen · textremotephp

https://www.exploit-db.com/exploits/39742

View Code ZIP pw:eip

References (7)

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/04/28/1

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035701

[Exploit, Issue Tracking, Vendor Advisory] https://bugs.php.net/bug.php?id=71923

[Patch, Third Party Advisory] https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1

[Release Notes, Vendor Advisory] https://php.net/ChangeLog-7.php

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2016-3078

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39742/

Scores

CVSS v3 9.8

EPSS 0.4811

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (1)

php/php 7.0.0 - 7.0.6

Published Aug 07, 2016

Tracked Since Feb 18, 2026