CVE-2016-3132
CRITICALPHP 7.x - Double Free in SplDoublyLinkedList::offsetSet
Title source: llmDescription
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2016-3132
Exploit x_refsource_confirm
https://bugs.php.net/bug.php?id=71735
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92356
Patch x_refsource_confirm
http://github.com/php/php-src/commit/28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5?w=1
Patch, Release Notes x_refsource_confirm
https://php.net/ChangeLog-7.php
Scores
CVSS v3
9.8
EPSS
0.1133
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (6)
php/php
7.0.0
php/php
7.0.1
php/php
7.0.2
php/php
7.0.3
php/php
7.0.4
php/php
7.0.5
Published
Aug 07, 2016
Tracked Since
Feb 18, 2026