Description

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

Remediation

References

CVE-2016-5768

Related Vulnerabilities

Magento Improper Authorization Vulnerability (CVE-2021-21026)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)

Moodle Improper Input Validation Vulnerability (CVE-2012-6099)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.8)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.6)

Severity

Critical

Classification

CVE-2016-5768 CWE-415 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities