What is the severity of CVE-2016-5769?

CVE-2016-5769 has a severity rating that allows remote attackers to cause a denial of service through heap-based buffer overflow.

How do I fix CVE-2016-5769?

To fix CVE-2016-5769, update PHP to version 5.5.37, 5.6.23, or 7.0.8 or later.

What versions of PHP are affected by CVE-2016-5769?

CVE-2016-5769 affects PHP versions prior to 5.5.37, 5.6.23, and 7.0.8.

What type of vulnerability is CVE-2016-5769?

CVE-2016-5769 is an integer overflow vulnerability that can lead to heap-based buffer overflow.

Can CVE-2016-5769 be exploited remotely?

Yes, CVE-2016-5769 can be exploited remotely, allowing attackers to crash the application.

Vulnerability/
CVE-2016-5769

critical

9.8

CWE

119 190

7/8/2016

6/8/2024

CVE-2016-5769: Buffer Overflow

First published: Sun Aug 07 2016(Updated: )

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP	<7.0.8	7.0.8
PHP	<=5.5.36
PHP	=5.6.0-alpha1
PHP	=5.6.0-alpha2
PHP	=5.6.0-alpha3
PHP	=5.6.0-alpha4
PHP	=5.6.0-alpha5
PHP	=5.6.0-beta1
PHP	=5.6.0-beta2
PHP	=5.6.0-beta3
PHP	=5.6.0-beta4
PHP	=5.6.1
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4
PHP	=5.6.5
PHP	=5.6.6
PHP	=5.6.7
PHP	=5.6.8
PHP	=5.6.9
PHP	=5.6.10
PHP	=5.6.11
PHP	=5.6.12
PHP	=5.6.13
PHP	=5.6.14
PHP	=5.6.15
PHP	=5.6.16
PHP	=5.6.17
PHP	=5.6.18
PHP	=5.6.19
PHP	=5.6.20
PHP	=5.6.21
PHP	=5.6.22
PHP	=7.0.0
PHP	=7.0.1
PHP	=7.0.2
PHP	=7.0.3
PHP	=7.0.4
PHP	=7.0.5
PHP	=7.0.6
PHP	=7.0.7

Remedy

http://php.net/ChangeLog-5.php

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5769?
CVE-2016-5769 has a severity rating that allows remote attackers to cause a denial of service through heap-based buffer overflow.
How do I fix CVE-2016-5769?
To fix CVE-2016-5769, update PHP to version 5.5.37, 5.6.23, or 7.0.8 or later.
What versions of PHP are affected by CVE-2016-5769?
CVE-2016-5769 affects PHP versions prior to 5.5.37, 5.6.23, and 7.0.8.
What type of vulnerability is CVE-2016-5769?
CVE-2016-5769 is an integer overflow vulnerability that can lead to heap-based buffer overflow.
Can CVE-2016-5769 be exploited remotely?
Yes, CVE-2016-5769 can be exploited remotely, allowing attackers to crash the application.

agent/type
agent/weakness
agent/softwarecombine
agent/severity
agent/remedy
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/php-changelog
source/PHP
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/php
canonical/php
version/php/5.5.36
version/php/5.6.0-alpha1
version/php/5.6.0-alpha2
version/php/5.6.0-alpha3
version/php/5.6.0-alpha4
version/php/5.6.0-alpha5
version/php/5.6.0-beta1
version/php/5.6.0-beta2
version/php/5.6.0-beta3
version/php/5.6.0-beta4
version/php/5.6.1
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4
version/php/5.6.5
version/php/5.6.6
version/php/5.6.7
version/php/5.6.8
version/php/5.6.9
version/php/5.6.10
version/php/5.6.11
version/php/5.6.12
version/php/5.6.13
version/php/5.6.14
version/php/5.6.15
version/php/5.6.16
version/php/5.6.17
version/php/5.6.18
version/php/5.6.19
version/php/5.6.20
version/php/5.6.21
version/php/5.6.22
version/php/7.0.0
version/php/7.0.1
version/php/7.0.2
version/php/7.0.3
version/php/7.0.4
version/php/7.0.5
version/php/7.0.6
version/php/7.0.7