[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-5399":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":59,"duplicate_of":9,"upstream":60,"downstream":61,"duplicates":86,"related":87,"reserved_at":9,"published_at":94,"modified_at":95,"state":96,"summary":97,"references_raw":105,"kevs":180,"epss":181,"epss_history":184,"metrics":423,"affected":434},"CVE-2016-5399","The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[21,30,35,40,45],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A4C1BB31626B551F","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html","unknown",0.2,false,[],{"_key":31,"name":32,"source":24,"url":33,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":34,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_63C0FD5E03094577","Exploit Reference (seclists.org)","http://seclists.org/fulldisclosure/2016/Jul/72",[],{"_key":36,"name":37,"source":24,"url":38,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":39,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C1859540FCCF2C54","Exploit Reference (openwall.com)","http://www.openwall.com/lists/oss-security/2016/07/21/1",[],{"_key":41,"name":42,"source":24,"url":43,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":44,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9E9AE3201561E44B","Exploit Reference (bugs.php.net)","https://bugs.php.net/bug.php?id=72613",[],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":53,"platforms":54,"requires_auth":9,"exploitdb":56,"metasploit":9},"40155","PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write","exploit-database","https://www.exploit-db.com/exploits/40155","poc",0.8,true,"dos",[55],"php",{"verified":52,"type":53,"platform":55,"file":57,"codes":58},"exploits/php/dos/40155.py",[7],[],[],[62,64,66,68,70,72,74,76,78,80,82,84],{"_key":63},"SUSE-SU-2016:2080-1",{"_key":65},"SUSE-SU-2016:2210-1",{"_key":67},"SUSE-SU-2016:2328-1",{"_key":69},"SUSE-SU-2016:2408-1",{"_key":71},"SUSE-SU-2016:2460-1",{"_key":73},"SUSE-SU-2016:2460-2",{"_key":75},"DLA-628-1",{"_key":77},"DSA-3631-1",{"_key":79},"UBUNTU-CVE-2016-5399",{"_key":81},"USN-3045-1",{"_key":83},"RHSA-2016:2598",{"_key":85},"RHSA-2016:2750",[],[88,89,90,91,92,93],{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},"2017-04-21T20:00:00.000Z","2024-08-06T01:01:00.624Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":98,"epss_score":99,"severity":100,"severity_score":101,"severity_version":102,"severity_source":103,"severity_vector":104,"severity_status":96},"medium",0.13858,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[106,114,119,124,130,134,139,143,148,152,157,161,166,171,175],{"url":107,"sources":108,"tags":110},"http://www.securityfocus.com/bid/92051",[109,103],"cve.org",[111,112,113],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":25,"sources":115,"tags":116},[109,103],[117,118,113,111],"X Refsource MISC","Exploit",{"url":33,"sources":120,"tags":121},[109,103],[122,123,118,113],"Mailing List","X Refsource FULLDISC",{"url":125,"sources":126,"tags":127},"https://bugzilla.redhat.com/show_bug.cgi?id=1358395",[109,103],[128,129,113,111],"X Refsource CONFIRM","Issue Tracking",{"url":38,"sources":131,"tags":132},[109,103],[122,133,118,113],"X Refsource MLIST",{"url":135,"sources":136,"tags":137},"http://www.securityfocus.com/archive/1/538966/100/0/threaded",[109,103],[122,138,113,111],"X Refsource BUGTRAQ",{"url":43,"sources":140,"tags":141},[109,103],[128,118,142],"Vendor Advisory",{"url":144,"sources":145,"tags":146},"http://rhn.redhat.com/errata/RHSA-2016-2750.html",[109,103],[142,147,113],"X Refsource REDHAT",{"url":149,"sources":150,"tags":151},"http://rhn.redhat.com/errata/RHSA-2016-2598.html",[109,103],[142,147,113],{"url":153,"sources":154,"tags":155},"http://php.net/ChangeLog-5.php",[109,103],[128,156,142],"Release Notes",{"url":158,"sources":159,"tags":160},"https://security.netapp.com/advisory/ntap-20180112-0001/",[109,103],[128,113],{"url":162,"sources":163,"tags":164},"http://www.securitytracker.com/id/1036430",[109,103],[111,165,113],"X Refsource SECTRACK",{"url":167,"sources":168,"tags":169},"http://www.debian.org/security/2016/dsa-3631",[109,103],[142,170,113],"X Refsource DEBIAN",{"url":172,"sources":173,"tags":174},"http://php.net/ChangeLog-7.php",[109,103],[128,156,142],{"url":176,"sources":177,"tags":178},"https://www.exploit-db.com/exploits/40155/",[109,103],[118,179,113,111],"X Refsource EXPLOIT DB",[],{"date":182,"score":99,"percentile":183},"2026-06-04",0.9443,[185,189,191,193,196,198,200,202,204,207,209,212,215,217,220,223,226,229,232,235,238,240,243,246,249,251,254,256,259,261,264,266,269,271,274,277,280,283,286,289,291,293,296,299,302,304,306,308,310,312,315,318,321,324,328,331,334,336,338,341,344,347,349,351,353,355,357,359,361,364,366,368,372,374,377,380,383,386,388,391,394,397,400,403,406,408,411,414,417,420],{"date":186,"score":187,"percentile":188},"2025-11-04",0.2096,0.95391,{"date":190,"score":187,"percentile":188},"2025-11-05",{"date":192,"score":187,"percentile":188},"2025-11-06",{"date":194,"score":187,"percentile":195},"2025-11-07",0.95392,{"date":197,"score":187,"percentile":195},"2025-11-08",{"date":199,"score":187,"percentile":188},"2025-11-09",{"date":201,"score":187,"percentile":195},"2025-11-10",{"date":203,"score":187,"percentile":195},"2025-11-11",{"date":205,"score":187,"percentile":206},"2025-11-12",0.95396,{"date":208,"score":187,"percentile":206},"2025-11-13",{"date":210,"score":187,"percentile":211},"2025-11-14",0.95398,{"date":213,"score":187,"percentile":214},"2025-11-15",0.95395,{"date":216,"score":187,"percentile":211},"2025-11-16",{"date":218,"score":187,"percentile":219},"2025-11-17",0.954,{"date":221,"score":187,"percentile":222},"2025-11-18",0.95236,{"date":224,"score":187,"percentile":225},"2025-11-19",0.95238,{"date":227,"score":187,"percentile":228},"2025-11-20",0.95241,{"date":230,"score":187,"percentile":231},"2025-11-21",0.95406,{"date":233,"score":187,"percentile":234},"2025-11-22",0.95405,{"date":236,"score":187,"percentile":237},"2025-11-23",0.95404,{"date":239,"score":187,"percentile":234},"2025-11-24",{"date":241,"score":187,"percentile":242},"2025-11-25",0.95407,{"date":244,"score":187,"percentile":245},"2025-11-26",0.9541,{"date":247,"score":187,"percentile":248},"2025-11-27",0.95411,{"date":250,"score":187,"percentile":245},"2025-11-28",{"date":252,"score":187,"percentile":253},"2025-11-29",0.95413,{"date":255,"score":187,"percentile":248},"2025-11-30",{"date":257,"score":187,"percentile":258},"2025-12-01",0.95445,{"date":260,"score":187,"percentile":258},"2025-12-02",{"date":262,"score":187,"percentile":263},"2025-12-03",0.95446,{"date":265,"score":187,"percentile":245},"2025-12-04",{"date":267,"score":187,"percentile":268},"2025-12-05",0.95414,{"date":270,"score":187,"percentile":253},"2025-12-06",{"date":272,"score":187,"percentile":273},"2025-12-07",0.95419,{"date":275,"score":187,"percentile":276},"2025-12-08",0.95421,{"date":278,"score":187,"percentile":279},"2025-12-09",0.95425,{"date":281,"score":187,"percentile":282},"2025-12-10",0.95429,{"date":284,"score":187,"percentile":285},"2025-12-11",0.95432,{"date":287,"score":187,"percentile":288},"2025-12-12",0.95434,{"date":290,"score":187,"percentile":288},"2025-12-13",{"date":292,"score":187,"percentile":288},"2025-12-14",{"date":294,"score":187,"percentile":295},"2025-12-15",0.95437,{"date":297,"score":187,"percentile":298},"2025-12-16",0.9544,{"date":300,"score":187,"percentile":301},"2025-12-17",0.95443,{"date":303,"score":187,"percentile":263},"2025-12-18",{"date":305,"score":187,"percentile":263},"2025-12-19",{"date":307,"score":187,"percentile":263},"2025-12-20",{"date":309,"score":187,"percentile":263},"2025-12-21",{"date":311,"score":187,"percentile":263},"2025-12-22",{"date":313,"score":187,"percentile":314},"2025-12-23",0.95447,{"date":316,"score":187,"percentile":317},"2025-12-24",0.95451,{"date":319,"score":187,"percentile":320},"2025-12-25",0.95454,{"date":322,"score":187,"percentile":323},"2025-12-26",0.95455,{"date":325,"score":326,"percentile":327},"2025-12-27",0.19446,0.95216,{"date":329,"score":187,"percentile":330},"2025-12-28",0.95449,{"date":332,"score":187,"percentile":333},"2025-12-29",0.9545,{"date":335,"score":187,"percentile":317},"2025-12-30",{"date":337,"score":187,"percentile":323},"2025-12-31",{"date":339,"score":187,"percentile":340},"2026-01-01",0.95494,{"date":342,"score":187,"percentile":343},"2026-01-02",0.95489,{"date":345,"score":187,"percentile":346},"2026-01-03",0.95485,{"date":348,"score":187,"percentile":314},"2026-01-04",{"date":350,"score":187,"percentile":301},"2026-01-05",{"date":352,"score":187,"percentile":301},"2026-01-06",{"date":354,"score":187,"percentile":301},"2026-01-07",{"date":356,"score":187,"percentile":314},"2026-01-08",{"date":358,"score":187,"percentile":330},"2026-01-09",{"date":360,"score":187,"percentile":333},"2026-01-10",{"date":362,"score":187,"percentile":363},"2026-01-11",0.95448,{"date":365,"score":187,"percentile":363},"2026-01-12",{"date":367,"score":187,"percentile":314},"2026-01-13",{"date":369,"score":370,"percentile":371},"2026-01-14",0.17137,0.94783,{"date":373,"score":370,"percentile":371},"2026-01-15",{"date":375,"score":370,"percentile":376},"2026-01-16",0.94785,{"date":378,"score":370,"percentile":379},"2026-01-17",0.94787,{"date":381,"score":370,"percentile":382},"2026-01-18",0.94786,{"date":384,"score":370,"percentile":385},"2026-01-19",0.94782,{"date":387,"score":370,"percentile":379},"2026-01-20",{"date":389,"score":370,"percentile":390},"2026-01-21",0.94788,{"date":392,"score":370,"percentile":393},"2026-01-22",0.94791,{"date":395,"score":370,"percentile":396},"2026-01-23",0.94796,{"date":398,"score":370,"percentile":399},"2026-01-24",0.948,{"date":401,"score":370,"percentile":402},"2026-01-25",0.94803,{"date":404,"score":370,"percentile":405},"2026-01-26",0.94804,{"date":407,"score":370,"percentile":405},"2026-01-27",{"date":409,"score":370,"percentile":410},"2026-01-28",0.94807,{"date":412,"score":370,"percentile":413},"2026-01-29",0.9481,{"date":415,"score":370,"percentile":416},"2026-01-30",0.94811,{"date":418,"score":370,"percentile":419},"2026-01-31",0.94812,{"date":421,"score":370,"percentile":422},"2026-02-01",0.94847,[424],{"source":103,"cvss_v2_0":425,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":426,"baseSeverity":9,"vectorString":427,"impactScore":428,"exploitabilityScore":429},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":101,"baseSeverity":431,"vectorString":104,"impactScore":432,"exploitabilityScore":433},"HIGH",9.8,4.6,[435],{"ecosystem":9,"name":436,"vendor":9,"product":436,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"PHP",[438,443,448],{"version":439,"is_range":52,"range_type":440,"version_start":9,"version_start_type":9,"version_end":441,"version_end_type":442,"fixed_in":9},"lte5.5.37","cpe","5.5.37","including",{"version":444,"is_range":52,"range_type":440,"version_start":445,"version_start_type":442,"version_end":446,"version_end_type":447,"fixed_in":9},"gte5.6.0_lt5.6.24","5.6.0","5.6.24","excluding",{"version":449,"is_range":52,"range_type":440,"version_start":450,"version_start_type":442,"version_end":451,"version_end_type":447,"fixed_in":9},"gte7.0.0_lt7.0.9","7.0.0","7.0.9"]