GCVE - cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*

part: a version: 5.6.23 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.513148

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-7478`	vulnerable	2026-06-03 14:36:07.970447	Details available Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. Published: 2017-01-11T06:02:00.000Z Updated: 2024-08-06T01:57:47.681Z Open on db.gcve.eu Reference links http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf http://www.securityfocus.com/bid/95150 https://www.youtube.com/watch?v=LDcaPstAuPk https://security.netapp.com/advisory/ntap-20180112-0001/ http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6297`	vulnerable	2026-06-03 14:35:57.438957	Details available Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.760Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 https://bugs.php.net/72520 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6296`	vulnerable	2026-06-03 14:35:57.437677	Details available Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.676Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92095 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6295`	vulnerable	2026-06-03 14:35:57.436326	Details available ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.756Z Open on db.gcve.eu Reference links https://bugs.php.net/72479 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=cab1c3b3708eead315e033359d07049b23b147a3 http://rhn.redhat.com/errata/RHSA-2016-2750.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6294`	vulnerable	2026-06-03 14:35:57.435049	Details available The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.998Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92115 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 http://rhn.redhat.com/errata/RHSA-2016-2750.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6292`	vulnerable	2026-06-03 14:35:57.421492	Details available The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.762Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=41131cd41d2fd2e0c2f332a27988df75659c42e4 https://bugs.php.net/72618	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6291`	vulnerable	2026-06-03 14:35:57.420169	Details available The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.687Z Open on db.gcve.eu Reference links http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=eebcbd5de38a0f1c2876035402cb770e37476519 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6290`	vulnerable	2026-06-03 14:35:57.418886	Details available ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.757Z Open on db.gcve.eu Reference links https://bugs.php.net/72562 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6289`	vulnerable	2026-06-03 14:35:57.412298	Details available Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. Published: 2016-07-25T14:00:00.000Z Updated: 2024-08-06T01:22:20.812Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html https://security.gentoo.org/glsa/201611-22 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0218acb7e756a469099c4ccfb22bce6c2bd1ef87	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5773`	vulnerable	2026-06-03 14:35:55.883618	Details available php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. Published: 2016-08-07T10:00:00.000Z Updated: 2024-08-06T01:15:09.013Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://github.com/php/php-src/commit/f6aef68089221c5ea047d4a74224ee3deead99a6?w=1 https://bugs.php.net/bug.php?id=72434	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.