{"id":"CVE-2016-5770","details":"Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.","modified":"2026-04-16T01:42:53.479127794Z","published":"2016-08-07T10:59:18.150Z","related":["SUSE-SU-2016:1842-1"],"references":[{"type":"WEB","url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"},{"type":"ADVISORY","url":"http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"},{"type":"ADVISORY","url":"http://php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2750.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3618"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/23/4"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91403"},{"type":"ADVISORY","url":"https://bugs.php.net/bug.php?id=72262"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"},{"type":"ADVISORY","url":"https://support.apple.com/HT207170"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=72262"},{"type":"FIX","url":"http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1"},{"type":"FIX","url":"http://php.net/ChangeLog-5.php"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/06/23/4"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/06/23/4"},{"type":"EVIDENCE","url":"https://bugs.php.net/bug.php?id=72262"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"fixed":"7245bff300d3fa8bacbef7897ff080a6f1c23eba"}]}],"versions":["NEWS","NEWS-cvs2svn","php-5.3.23RC1","php-5.3.29","php-5.3.29RC1","php-5.4.30RC1","php-5.4.32RC1","php-5.4.4RC2","php-5.5.24RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5770.json","vanir_signatures":[{"target":{"file":"ext/spl/spl_directory.c"},"signature_type":"Line","digest":{"line_hashes":["207857728161140554441600061655700736911","214934269934396566947922605580496730714","296940648342514330163933506027098448376","103964395719938357469979482994290726989","88635915691016566904094490498000267631","40850093372234011884951839226248885947","110133465975390168161568987079275214571","327426292152065042271238869839733092069","312064766065238879598467973723559511247","279378876464457652418055060405542256631","37153068688319700706247907468401081375","142544098206661611960252893453565334712","217591465213875994946799122056113470242","258687329172644183052229230092436995941","124477937712182379275787261405554635167","18521737454947230733279860742565194767","191310445344489404374829949782385918544","169849886458913483152503330212676115962","290837326575033210651545831652719648709","89594481386855846768712716817846133844","304747310595769505535955949836356411904","249200113471160978775166586737544207035","202867115870269892394509977995037481373","13596281857796554230085622512732836900","90350360789214509156652202912038346186","187194619120037686569354480045870791617","30703075079811505809559768093682117373","203228191160360984239227959534695765427","66976602086100513539869433732135558328","188096752431760393748224607547286677174","315226105600006008699476046411790132788","45732972775182300778448996084630053172","24852563524450049791271235511498957457","259909832417321797798278686743668414369","290985903483583654043549321325230250358","176340865462836955845143287064883276535","65788481645577661787091807495041271423","42920774668213647338547875417537613620","27226673990395382951639522373888460363","44234929880664587857456234513503775387","192607349422823079985611696763736424314","153922410774732935806738138171964836788","278293627679551455888550667834355992097","101067540410623654063044071455248583306","326934217507677197866923045620624004990","302242324575682369957868652979113289261","236213647717437564292851789648002461538","271931953898478544485552745560698363578","286351824631486713798723681711529591966","20881098861313467780172584981153572926","57419796743339126641357233159804911212","158661390397053486828278980509528936011","307484916255737302800653563093888816051","19146442478611236009719688124775664665","30524597271835258459098972828076281532","119569536795060479614688377284118462122","80211877708375192335334857989051678853","95443995617954568813157485495402172027","95281394643467344407168092109626358846","193057556127114110635915799941470363967","158008694751404548761674665919464195939","95281394643467344407168092109626358846","193057556127114110635915799941470363967","132311109629369844032720868189880730392","179268543638408088366740575917000452837","19904252506700460868758718441007665231","296981039007751678386068689570690299030","95281394643467344407168092109626358846","193057556127114110635915799941470363967","111713550468922071441450111086443012457","236337531896750870974222297831576775953","181106193232054565667192712170096040419","239347581836893881564699256033898407007","158849396329528167507572626432840864416","181106193232054565667192712170096040419","329441141592421122900143458741005400597","332636141965510978552994221489511845208","101528824853018523070505649399877658118","245258418621111067503424893175383958839","102519316298953782302079659246257832593","95281394643467344407168092109626358846","193057556127114110635915799941470363967","339060801907014806678726519346416434182","61752185517446294607430063582290458682","139803445207499254554084499689683515610","208690941974635364044310167838190176225","228739686211792753961813567115090465243","150189812361515059947635729023823731667","156805408189848508546793658048180540767","95281394643467344407168092109626358846","193057556127114110635915799941470363967","215188472673793170232797003777809307865","95281394643467344407168092109626358846","193057556127114110635915799941470363967","159576831985570334153020023811955005736","95281394643467344407168092109626358846","193057556127114110635915799941470363967","244729115894096733457707889921469363227","293435668267643006972071042528221691772","185263633813623592652353094264021657923","264400958264950637807561967637007645244","326237525203632941514564711993066863786","35728460220307430412322124610313127557","129845197002609749659445700942987930391","324905641885473836094433513005644457999","104533914534476854147291167180426250313","56640401495541235347207074624505597219","188468199162599636112878899507803829023","137366877382585064172405330317887222447","313620665513247922159704478052424898151","188468199162599636112878899507803829023","64904068632615705085976079661666705665","201151784254702952756969759792150114741","334492096744168888376630460154862553355","245922436066192020830021719927209519558","161547472871588367263376713051867409353","122148901857671622580345377883073989571","2643797328558818452801931794382691191","221996443320159145967226851237212275206","172862345142225565753012608117136451069","20487287561370945888186821335878534953","165821203283589972074841466909889870029","235184286765970635440048596676020837441","328964068565813320256854450873762573414","226076429895337888961262869624841112206","172654153450429865513276995338029394879","328964068565813320256854450873762573414","226076429895337888961262869624841112206","299498186535600618470299114608254875887","68868536645389803802862094311057472891","95281394643467344407168092109626358846","193057556127114110635915799941470363967","234652590388091843498979599144172036388","19022380187149038487741788166743291294","43930397996778728327790582331567776563","287872256585633815783248597931976092963","273949448762706615793150091375889284090","198337802893624612326101303505038031365","60427031961898221872746900645717296187","95281394643467344407168092109626358846","193057556127114110635915799941470363967","170837898784258724074860055335222700846","144994638899129240814967089398640727120","43930397996778728327790582331567776563","92973958240537236393731011017884825150","95281394643467344407168092109626358846","193057556127114110635915799941470363967","193634473852516727253755261729679573719","80462420151775865245781361120107432186","73218844049903202559982733118974086273","269284470673284163167476698696706014785","328008832186899719961462712752118866329","114829643223412691256887235007399723691","2528425131263381030854311966074447586","143289264793611559242115394150939457729","71573823896725984441260153344600309442","174128627243539926272120497900904806378","59763688271421197408751244734315263880","154291940043202470983799719272068089144","168405692368157898609013094081143777959","259785370658559950714981580628803297893","89786028248090659536257835233058512812","336147993477433515934680808715185407746","222740931523923276370350304740891694137","210080096946936651427387437372272537095","188382453424981008969901931166353401158","80462420151775865245781361120107432186","303720273796229539985880176097211970137","286736441137998575984758372464688212099","37399893515260986461642265847155064939","67906460012425653514129308700205306685","199639124729749284994900559219734029863","313872890824217232991612101746424789355","310353873313478903782761707900859585509","55877723753362240691564580049424009697","261643574724904464194627561030575136499","316675930621184027089255832962550294728","185033109263723529457311542250510895199","231004050228082394947421116543840412136","285012539302518943399967026185327354989","338979712664502202004381082227374225449","29742642181106884832866654441841577308","279289601446631636172708432392171013914","308895106051333643003255696887061960550","43224313624302571347088857186796871709","26331917306210450706753159364099343756","91769608534375666752173491915926541678","21169647744361946429343117471908868658","286767356235884562904222626598462226043","315902550703828508625565840898731066595","223177333848547702290095876755932722700","336531525352001556214617907266048236892","266262533050213868382782852439034156327","70275964481474270842396111324303016290","245717713471056059533163155771930161402","160403713353944202684936769060010529307","282198693379007438899700157955182258553","141602559303004777480403344862727124251","303381981789591220419731327558969584814","223737417723974612486295561695542334432","297832020621143487111370492963513721380","299795750464603823424458467039820359884","2916987734153098277790224566833548003","91304738477124326872958036777336405926","264021181974792870823984278364534127456","133956034673742158644788889410118550295","7042458131444627075754258853498671079","73554171635540956141369730751213988562","151231497177556975690268999947312007090","92130989036587587302032237649390146524","112226387175313472411136305807912651018","272488665931502140257703696787796227090","35554872435268651299483105786248406831","24875255021502988762953487259587541127","83551973883344586354073152404074213748","139967446664226957449098689674688840787","164821388769105658912166466810342044480","79759011767472413616697227009515878789","138584224123342804423850465453912472697","174719318013814334042338757641865933715","105960988325257499672531119415342122665","288596362202594231631803900744243233320","196288316003127579975976269285608540902","95281394643467344407168092109626358846","193057556127114110635915799941470363967","87860417217296903655106882216958854746","95281394643467344407168092109626358846","193057556127114110635915799941470363967","244982467807978933793044241047077505328","95281394643467344407168092109626358846","193057556127114110635915799941470363967","54859222604294176413954792629481876248","95281394643467344407168092109626358846","193057556127114110635915799941470363967","261597942388231980050088333775298837105","95281394643467344407168092109626358846","193057556127114110635915799941470363967","190804696289990589665198808324666030181","95281394643467344407168092109626358846","193057556127114110635915799941470363967","112930222518415012274076627435588022921","95281394643467344407168092109626358846","193057556127114110635915799941470363967","327863393614236463214279176992301269023","74799694643200662583276072832716494794","96663415534168506290725154348675054249","134712273559901564555285996668632847971","95281394643467344407168092109626358846","193057556127114110635915799941470363967","37091619254715448405369640801974907784","159859969050096628056599088284755881925","151464072387156494876545865102389800078","300492668615682835333062595982951043210","314931402614395805191124466689385433714","99445178647355246713130667321851397274","202326221292713121952368938468846320203","308254551006096271931427833120933272492","140370968585355656107114588045606342706","337496959354896730912444140751137462149","314931402614395805191124466689385433714","99445178647355246713130667321851397274","168036943554710336749140485111397408509","199164357371910072712451814914196544415","119993156131949924995489254560092358180","335372645009736625186490097953901422004","121838623515586181492218961426019618701","186238030407900480012094108819351115012","88707624328710216576396432448650251486","80045952456384047989775756374567329079","314926564276588228141358923173688321144","282136722332836795038679848397817473607","327928032438596926424973101107162747116","283969522821842334648434767863129350851","314566609496861130665865689262021776624","280241754397848075735761484620043811090","153681332509552060251966382579046782457","33112893938834042975756566050724876363","308519570357244085107730606696596082354","107252868891399629504125635959162692887","180120782210067961764910440810011487180","160766578117471966537518478308900098465","172255958595837919894592856973428098735","88438312755720290077389583093071567857","319903627835017582141700594367369469424","256431809457993460725826500117534808258","180332830207740996464126834521529388716","248272203803441711078170942668640745488","136070107655965400621104995805012175527","3413820762178509284343845215498583137","81734633339880364194037749312922454836","286149576560679333442971556536502205923","279832784126444099554478733293105258945","45336266610371527213581399372562773421","246502934384197302672341322017565392471","285813355651340133809927952831466938406","157738642695681575219069148724335764414","288939563862960767603974788128255954349","230460342305302779848358253357753175820","73376689218533633596547948726760601180","187579293037119912245506154569813772360","205055987487825111764798038265447203129","155990613327117878504934658314687499963","282257852616622420626737689415965961123","210936091991461268254184003450100109462","187984804770952933336431440069416632457","157825547033091101745382650488172795668","237808174259922083846289968920730635670","307607684946101977470652739086861310052","70203133035205433126423283660104024592","245666921694743644417059534479377909739","160920670553343873282828079944618133578","242470922326318365100133910076795226382","28355692188281845623717698264595209288","110134623043864247633334556436051566069","81165161856142501511809070104426888754","293493406358771216845580877280447244897","183140791093173272903373688265060151617","295639280927304045620915487147207721314","155104923709032075912544944120798851168","277898733793016074264833722723543423604"],"threshold":0.9},"signature_version":"v1","id":"CVE-2016-5770-0d5a8078","source":"https://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba","deprecated":false},{"target":{"function":"SPL_METHOD","file":"ext/spl/spl_directory.c"},"signature_type":"Function","digest":{"length":650,"function_hash":"320784255130194455252737568462051099377"},"signature_version":"v1","deprecated":false,"source":"https://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba","id":"CVE-2016-5770-e8b28e12"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}