{"id":"CVE-2016-10034","details":"The setFrom function in the Sendmail adapter in the zend-mail component (versions before 2.4.11, the 2.5.x and 2.6.x series, and 2.7.x before 2.7.2) and in Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted e-mail address.","aliases":["GHSA-r9mw-gwx9-v3h5"],"modified":"2026-05-08T18:27:02.147837Z","published":"2016-12-30T19:59:00.217Z","references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1037539"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/40979/"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/40986/"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/42221/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95144"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201804-10"},{"type":"EVIDENCE","url":"https://framework.zend.com/security/advisory/ZF2016-04"},{"type":"EVIDENCE","url":"https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zendframework/zend-mail","events":[{"introduced":"0"},{"last_affected":"6dc8a3a262c9d70889ec846124482db3edab9b39"},{"last_affected":"3311e163de28dc3b41dfba642939132a16336143"},{"last_affected":"4e994547f4af5f0de4c31546313989ca09319c6a"},{"last_affected":"fcec5a6f32a5646ce81783f319836996bdd03110"},{"last_affected":"2e817b58ebaa2b422a25d854106a91f74b6a7976"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:zend:zend-mail:2.6.0:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.6.1:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.6.2:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.7.0:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.7.1:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.6.0"},{"last_affected":"2.6.1"},{"last_affected":"2.6.2"},{"last_affected":"2.7.0"},{"last_affected":"2.7.1"}]
}}],"versions":["release-2.0.0","release-2.0.1","release-2.0.2","release-2.0.3","release-2.0.4","release-2.0.7","release-2.1.1","release-2.1.2","release-2.1.3","release-2.1.4","release-2.1.5","release-2.1.6","release-2.2.0","release-2.2.0rc1","release-2.2.0rc2","release-2.2.0rc3","release-2.2.1","release-2.2.10","release-2.2.2","release-2.2.3","release-2.2.4","release-2.2.5","release-2.2.6","release-2.2.7","release-2.2.8","release-2.2.9","release-2.3.0","release-2.3.1","release-2.3.2","release-2.3.3","release-2.3.4","release-2.3.5","release-2.3.6","release-2.3.7","release-2.4.0","release-2.4.0rc1","release-2.4.0rc2","release-2.4.0rc3","release-2.4.0rc4","release-2.4.0rc5","release-2.4.0rc6","release-2.4.0rc7","release-2.4.1","release-2.4.2","release-2.4.3","release-2.4.4","release-2.4.5","release-2.4.6","release-2.4.7","release-2.5.0","release-2.5.1","release-2.5.2","release-2.6.0","release-2.6.1","release-2.6.2","release-2.7.0","release-2.7.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10034.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/zendframework/zendframework","events":[{"introduced":"0"},{"last_affected":"7e5bdc38820aef518c1c49d4b6e8fcb0083b165b"},{"last_affected":"9a471288339e2183215c770e8ce59758fe667c65"},{"last_affected":"e192ce17bacd22896dd319f58bad18bc1b290100"},{"last_affected":"099399441d4b9f8323ec458d8693f73212c9e404"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:*:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.5.0:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.5.1:*:*:*:*:*:*:*","cpe:2.3:a:zend:zend-mail:2.5.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.4.10"},{"last_affected":"2.5.0"},{"last_affected":"2.5.1"},{"last_affected":"2.5.2"}]}}],"versions":["last-docs-commit","release-2.0.0","release-2.0.0beta1","release-2.0.0beta2","release-2.0.0beta4","release-2.0.0beta5",
"release-2.0.0dev1","release-2.0.0dev2","release-2.0.0dev4","release-2.0.0rc1","release-2.0.0rc2","release-2.0.0rc4","release-2.0.0rc5","release-2.0.0rc6","release-2.0.0rc7","release-2.0.1","release-2.0.2","release-2.0.3","release-2.0.4","release-2.1.1","release-2.1.2","release-2.1.3","release-2.1.4","release-2.1.5","release-2.2.0","release-2.2.0rc1","release-2.2.0rc2","release-2.2.0rc3","release-2.2.1","release-2.2.2","release-2.2.3","release-2.2.4","release-2.2.5","release-2.2.6","release-2.3.0","release-2.3.1","release-2.3.2","release-2.3.3","release-2.3.4","release-2.3.5","release-2.3.6","release-2.3.7","release-2.4.0","release-2.4.1","release-2.4.10","release-2.4.2","release-2.4.3","release-2.4.4","release-2.4.5","release-2.4.6","release-2.4.7","release-2.4.8","release-2.4.9","release-2.5.0","release-2.5.1","release-2.5.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}