Description

Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

Remediation

References

CVE-2016-4345

Related Vulnerabilities

WordPress Plugin AlertWire Information Disclosure (1.1.1)

AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7676)

Oracle Application Server CVE-2006-5359 Vulnerability (CVE-2006-5359)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7942)

WordPress Plugin UpdraftPlus WordPress Backup Multiple Vulnerabilities (1.16.58)

Severity

Critical

Classification

CVE-2016-4345 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities