What is the severity of CVE-2016-4072?

CVE-2016-4072 has a high severity rating due to the potential for remote code execution via crafted filenames.

How do I fix CVE-2016-4072?

To mitigate CVE-2016-4072, upgrade PHP to versions 5.5.34, 5.6.20, or 7.0.5 or later.

What versions of PHP are affected by CVE-2016-4072?

CVE-2016-4072 affects PHP versions prior to 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5.

Can CVE-2016-4072 be exploited without authentication?

Yes, CVE-2016-4072 can be exploited by unauthenticated attackers through crafted input.

What type of vulnerability is CVE-2016-4072 classified as?

CVE-2016-4072 is classified as a remote code execution vulnerability.

Vulnerability/
CVE-2016-4072

critical

9.8

CWE

20/5/2016

21/11/2024

CVE-2016-4072: Input Validation

First published: Fri May 20 2016(Updated: )

Fixed bug (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/php5
debian/php7.0
PHP	<7.0.5	7.0.5
PHP	=5.6.0-alpha1
PHP	=5.6.0-alpha2
PHP	=5.6.0-alpha3
PHP	=5.6.0-alpha4
PHP	=5.6.0-alpha5
PHP	=5.6.0-beta1
PHP	=5.6.0-beta2
PHP	=5.6.0-beta3
PHP	=5.6.0-beta4
PHP	=5.6.1
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4
PHP	=5.6.5
PHP	=5.6.6
PHP	=5.6.7
PHP	=5.6.8
PHP	=5.6.9
PHP	=5.6.10
PHP	=5.6.11
PHP	=5.6.12
PHP	=5.6.13
PHP	=5.6.14
PHP	=5.6.15
PHP	=5.6.16
PHP	=5.6.17
PHP	=5.6.18
PHP	=5.6.19
PHP	=7.0.0
PHP	=7.0.1
PHP	=7.0.2
PHP	=7.0.3
PHP	=7.0.4
macOS Yosemite	<=10.11.4
PHP	=5.5.0
PHP	=5.5.0-alpha1
PHP	=5.5.0-alpha2
PHP	=5.5.0-alpha3
PHP	=5.5.0-alpha4
PHP	=5.5.0-alpha5
PHP	=5.5.0-alpha6
PHP	=5.5.0-beta1
PHP	=5.5.0-beta2
PHP	=5.5.0-beta3
PHP	=5.5.0-beta4
PHP	=5.5.0-rc1
PHP	=5.5.0-rc2
PHP	=5.5.1
PHP	=5.5.2
PHP	=5.5.3
PHP	=5.5.4
PHP	=5.5.5
PHP	=5.5.6
PHP	=5.5.7
PHP	=5.5.8
PHP	=5.5.9
PHP	=5.5.10
PHP	=5.5.11
PHP	=5.5.12
PHP	=5.5.13
PHP	=5.5.14
PHP	=5.5.15
PHP	=5.5.16
PHP	=5.5.17
PHP	=5.5.18
PHP	=5.5.19
PHP	=5.5.20
PHP	=5.5.21
PHP	=5.5.22
PHP	=5.5.23
PHP	=5.5.24
PHP	=5.5.25
PHP	=5.5.26
PHP	=5.5.27
PHP	=5.5.29
PHP	=5.5.30
PHP	=5.5.31
PHP	=5.5.32
PHP	=5.5.33

Remedy

https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4072?
CVE-2016-4072 has a high severity rating due to the potential for remote code execution via crafted filenames.
How do I fix CVE-2016-4072?
To mitigate CVE-2016-4072, upgrade PHP to versions 5.5.34, 5.6.20, or 7.0.5 or later.
What versions of PHP are affected by CVE-2016-4072?
CVE-2016-4072 affects PHP versions prior to 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5.
Can CVE-2016-4072 be exploited without authentication?
Yes, CVE-2016-4072 can be exploited by unauthenticated attackers through crafted input.
What type of vulnerability is CVE-2016-4072 classified as?
CVE-2016-4072 is classified as a remote code execution vulnerability.

agent/type
collector/launchpad-cve
source/Launchpad
agent/author
agent/remedy
agent/weakness
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/first-publish-date
agent/event
agent/description
agent/last-modified-date
agent/trending
agent/source
collector/php-changelog
source/PHP
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
collector/nvd-index
package-manager/debian
vendor/php
canonical/php
version/php/5.6.0-alpha1
version/php/5.6.0-alpha2
version/php/5.6.0-alpha3
version/php/5.6.0-alpha4
version/php/5.6.0-alpha5
version/php/5.6.0-beta1
version/php/5.6.0-beta2
version/php/5.6.0-beta3
version/php/5.6.0-beta4
version/php/5.6.1
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4
version/php/5.6.5
version/php/5.6.6
version/php/5.6.7
version/php/5.6.8
version/php/5.6.9
version/php/5.6.10
version/php/5.6.11
version/php/5.6.12
version/php/5.6.13
version/php/5.6.14
version/php/5.6.15
version/php/5.6.16
version/php/5.6.17
version/php/5.6.18
version/php/5.6.19
version/php/7.0.0
version/php/7.0.1
version/php/7.0.2
version/php/7.0.3
version/php/7.0.4
vendor/apple
canonical/macos yosemite
version/macos yosemite/10.11.4
version/php/5.5.0
version/php/5.5.0-alpha1
version/php/5.5.0-alpha2
version/php/5.5.0-alpha3
version/php/5.5.0-alpha4
version/php/5.5.0-alpha5
version/php/5.5.0-alpha6
version/php/5.5.0-beta1
version/php/5.5.0-beta2
version/php/5.5.0-beta3
version/php/5.5.0-beta4
version/php/5.5.0-rc1
version/php/5.5.0-rc2
version/php/5.5.1
version/php/5.5.2
version/php/5.5.3
version/php/5.5.4
version/php/5.5.5
version/php/5.5.6
version/php/5.5.7
version/php/5.5.8
version/php/5.5.9
version/php/5.5.10
version/php/5.5.11
version/php/5.5.12
version/php/5.5.13
version/php/5.5.14
version/php/5.5.15
version/php/5.5.16
version/php/5.5.17
version/php/5.5.18
version/php/5.5.19
version/php/5.5.20
version/php/5.5.21
version/php/5.5.22
version/php/5.5.23
version/php/5.5.24
version/php/5.5.25
version/php/5.5.26
version/php/5.5.27
version/php/5.5.29
version/php/5.5.30
version/php/5.5.31
version/php/5.5.32
version/php/5.5.33

CVE-2016-4072: Input Validation

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4072?

How do I fix CVE-2016-4072?

What versions of PHP are affected by CVE-2016-4072?

Can CVE-2016-4072 be exploited without authentication?

What type of vulnerability is CVE-2016-4072 classified as?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-4072?

How do I fix CVE-2016-4072?

What versions of PHP are affected by CVE-2016-4072?

Can CVE-2016-4072 be exploited without authentication?

What type of vulnerability is CVE-2016-4072 classified as?