Red Hat Bugzilla – Bug 1315339
CVE-2016-4344 CVE-2016-4345 CVE-2016-4346 php: Multiple heap overflows due to integer overflows
Last modified: 2016-06-13 14:22:27 EDT
Multiple heap-based buffer overflows caused by integer overflows were found in the xml_utf8_encode, zend_string_alloc and php_addcslashes functions.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1315340]
CVE assignments via:
CVE-2016-4344 is for the issue in:
CVE-2016-4345 is for the issue in:
CVE-2016-4346 is for the issue in:
PHP 7 only. Additionally, these issues could only be triggered when PHP is configured to execute scripts with no or very high memory_limit. That is not a typical configuration; the default in PHP packages in Red Hat products is 128M.
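A way to check a host against the precondition in the comment above (no or very high memory_limit), as an added example that is not part of the bug report or of PHP itself. The function names, the sample php.ini snippets and the 2 GiB "very high" cut-off are assumptions of this example; the report gives no figure.

```python
import re

# Assumption of this example: limits of 2 GiB or more count as "very high".
VERY_HIGH_BYTES = 2 * 1024**3
# Used when the directive is absent: 128M, the default the report cites.
DEFAULT_BYTES = 128 * 1024**2

_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
# Matches an active (uncommented) directive, optional quotes, K/M/G shorthand
# and an optional trailing ';' comment.
_LINE = re.compile(
    r'^\s*memory_limit\s*=\s*"?(-?\d+)\s*([kmg]?)"?\s*(?:;.*)?$', re.I)

def effective_memory_limit(ini_text):
    """Return the limit in bytes (-1 means unlimited); the last assignment wins."""
    limit = DEFAULT_BYTES
    for line in ini_text.splitlines():
        m = _LINE.match(line)
        if m:
            number, unit = int(m.group(1)), m.group(2).lower()
            limit = -1 if number < 0 else number * _UNITS[unit]
    return limit

def classify(limit_bytes, threshold=VERY_HIGH_BYTES):
    """Label a limit as 'unlimited', 'very-high' or 'bounded'."""
    if limit_bytes < 0:
        return "unlimited"
    if limit_bytes >= threshold:
        return "very-high"
    return "bounded"

def audit(ini_text):
    """Return (limit_in_bytes, verdict) for the text of one php.ini file."""
    limit = effective_memory_limit(ini_text)
    return limit, classify(limit)

# Constructed sample inputs, not taken from any real system.
SAMPLE_DEFAULT = "[PHP]\n; memory_limit = -1\nmemory_limit = 128M\n"
SAMPLE_OVERRIDE = "memory_limit = 128M\nmemory_limit = -1 ; batch jobs\n"
SAMPLE_HIGH = 'memory_limit = "4G"\n'

if __name__ == "__main__":
    for name, text in [("default", SAMPLE_DEFAULT),
                       ("override", SAMPLE_OVERRIDE),
                       ("high", SAMPLE_HIGH)]:
        print(name, audit(text))
```

Per-directory and runtime overrides (for example `ini_set` or web-server configuration) are outside what this file-based check sees, so a "bounded" verdict covers only the file that was read.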