[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-5771":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":49,"related":50,"reserved_at":9,"published_at":54,"modified_at":55,"state":56,"summary":57,"references_raw":65,"kevs":130,"epss":131,"epss_history":134,"metrics":376,"affected":385},"CVE-2016-5771","spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_DD8E545B24796810","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=72433","unknown",0.2,false,[],[],[],[33,35,37,39,41,43,45,47],{"_key":34},"SUSE-SU-2016:1842-1",{"_key":36},"SUSE-SU-2018:0806-1",{"_key":38},"DLA-628-1",{"_key":40},"DSA-3618-1",{"_key":42},"MGASA-2016-0238",{"_key":44},"UBUNTU-CVE-2016-5771",{"_key":46},"USN-3045-1",{"_key":48},"RHSA-2016:2750",[],[51,52,53],{"_key":34},{"_key":36},{"_key":42},"2016-08-07T10:00:00.000Z","2024-08-06T01:15:10.679Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":58,"epss_score":59,"severity":60,"severity_score":61,"severity_version":62,"severity_source":63,"severity_vector":64,"severity_status":56},"low",0.09582,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[66,74,82,87,91,96,101,106,111,116,122,126],{"url":67,"sources":68,"tags":70},"http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1",[69,63],"cve.org",[71,72,73],"X Refsource CONFIRM","Patch","Third Party Advisory",{"url":75,"sources":76,"tags":77},"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",[69,63],[78,79,80,81],"Vendor Advisory","X Refsource APPLE","Broken Link","Mailing List",{"url":83,"sources":84,"tags":85},"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",[69,63],[78,86,81,73],"X Refsource SUSE",{"url":88,"sources":89,"tags":90},"http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",[69,63],[78,86,81,73],{"url":92,"sources":93,"tags":94},"http://rhn.redhat.com/errata/RHSA-2016-2750.html",[69,63],[78,95,73],"X Refsource REDHAT",{"url":25,"sources":97,"tags":98},[69,63],[71,99,100,78],"Exploit","Issue Tracking",{"url":102,"sources":103,"tags":104},"http://php.net/ChangeLog-5.php",[69,63],[71,72,105,78],"Release Notes",{"url":107,"sources":108,"tags":109},"http://www.openwall.com/lists/oss-security/2016/06/23/4",[69,63],[81,110,72,73],"X Refsource MLIST",{"url":112,"sources":113,"tags":114},"http://www.debian.org/security/2016/dsa-3618",[69,63],[78,115,73],"X Refsource DEBIAN",{"url":117,"sources":118,"tags":119},"http://www.securityfocus.com/bid/91401",[69,63],[120,121,73],"VDB Entry","X Refsource BID",{"url":123,"sources":124,"tags":125},"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",[69,63],[71,73],{"url":127,"sources":128,"tags":129},"https://support.apple.com/HT207170",[69,63],[71,73],[],{"date":132,"score":59,"percentile":133},"2026-06-04",0.93018,[135,139,141,144,147,150,152,154,157,160,163,166,168,170,173,176,179,182,185,188,190,193,196,198,201,203,205,208,212,215,218,220,222,224,227,230,233,236,239,242,244,247,249,252,255,258,260,262,265,267,270,273,276,279,283,286,288,291,294,297,300,303,306,308,311,313,315,317,320,322,324,326,329,332,334,336,338,340,342,345,348,351,354,357,360,362,365,368,370,372],{"date":136,"score":137,"percentile":138},"2025-11-04",0.13654,0.93948,{"date":140,"score":137,"percentile":138},"2025-11-05",{"date":142,"score":137,"percentile":143},"2025-11-06",0.9395,{"date":145,"score":137,"percentile":146},"2025-11-07",0.93953,{"date":148,"score":137,"percentile":149},"2025-11-08",0.93954,{"date":151,"score":137,"percentile":149},"2025-11-09",{"date":153,"score":137,"percentile":149},"2025-11-10",{"date":155,"score":137,"percentile":156},"2025-11-11",0.93956,{"date":158,"score":137,"percentile":159},"2025-11-12",0.93961,{"date":161,"score":137,"percentile":162},"2025-11-13",0.93962,{"date":164,"score":137,"percentile":165},"2025-11-14",0.93965,{"date":167,"score":137,"percentile":162},"2025-11-15",{"date":169,"score":137,"percentile":165},"2025-11-16",{"date":171,"score":137,"percentile":172},"2025-11-17",0.93964,{"date":174,"score":137,"percentile":175},"2025-11-18",0.93606,{"date":177,"score":137,"percentile":178},"2025-11-19",0.93609,{"date":180,"score":137,"percentile":181},"2025-11-20",0.93617,{"date":183,"score":137,"percentile":184},"2025-11-21",0.93973,{"date":186,"score":137,"percentile":187},"2025-11-22",0.93971,{"date":189,"score":137,"percentile":184},"2025-11-23",{"date":191,"score":137,"percentile":192},"2025-11-24",0.93974,{"date":194,"score":137,"percentile":195},"2025-11-25",0.93976,{"date":197,"score":137,"percentile":195},"2025-11-26",{"date":199,"score":137,"percentile":200},"2025-11-27",0.93979,{"date":202,"score":137,"percentile":184},"2025-11-28",{"date":204,"score":137,"percentile":195},"2025-11-29",{"date":206,"score":137,"percentile":207},"2025-11-30",0.93975,{"date":209,"score":210,"percentile":211},"2025-12-01",0.22926,0.95711,{"date":213,"score":210,"percentile":214},"2025-12-02",0.95709,{"date":216,"score":210,"percentile":217},"2025-12-03",0.95712,{"date":219,"score":137,"percentile":195},"2025-12-04",{"date":221,"score":137,"percentile":200},"2025-12-05",{"date":223,"score":137,"percentile":200},"2025-12-06",{"date":225,"score":137,"percentile":226},"2025-12-07",0.93978,{"date":228,"score":137,"percentile":229},"2025-12-08",0.93981,{"date":231,"score":137,"percentile":232},"2025-12-09",0.93987,{"date":234,"score":137,"percentile":235},"2025-12-10",0.93994,{"date":237,"score":137,"percentile":238},"2025-12-11",0.93996,{"date":240,"score":137,"percentile":241},"2025-12-12",0.93998,{"date":243,"score":137,"percentile":241},"2025-12-13",{"date":245,"score":137,"percentile":246},"2025-12-14",0.93995,{"date":248,"score":137,"percentile":241},"2025-12-15",{"date":250,"score":137,"percentile":251},"2025-12-16",0.94001,{"date":253,"score":137,"percentile":254},"2025-12-17",0.94005,{"date":256,"score":137,"percentile":257},"2025-12-18",0.94011,{"date":259,"score":137,"percentile":257},"2025-12-19",{"date":261,"score":137,"percentile":257},"2025-12-20",{"date":263,"score":137,"percentile":264},"2025-12-21",0.94012,{"date":266,"score":137,"percentile":264},"2025-12-22",{"date":268,"score":137,"percentile":269},"2025-12-23",0.94013,{"date":271,"score":137,"percentile":272},"2025-12-24",0.94017,{"date":274,"score":137,"percentile":275},"2025-12-25",0.94025,{"date":277,"score":137,"percentile":278},"2025-12-26",0.94023,{"date":280,"score":281,"percentile":282},"2025-12-27",0.08186,0.91925,{"date":284,"score":137,"percentile":285},"2025-12-28",0.94019,{"date":287,"score":137,"percentile":285},"2025-12-29",{"date":289,"score":137,"percentile":290},"2025-12-30",0.94022,{"date":292,"score":137,"percentile":293},"2025-12-31",0.94028,{"date":295,"score":210,"percentile":296},"2026-01-01",0.95752,{"date":298,"score":210,"percentile":299},"2026-01-02",0.95746,{"date":301,"score":210,"percentile":302},"2026-01-03",0.95744,{"date":304,"score":137,"percentile":305},"2026-01-04",0.94021,{"date":307,"score":137,"percentile":272},"2026-01-05",{"date":309,"score":137,"percentile":310},"2026-01-06",0.94018,{"date":312,"score":137,"percentile":285},"2026-01-07",{"date":314,"score":137,"percentile":278},"2026-01-08",{"date":316,"score":137,"percentile":275},"2026-01-09",{"date":318,"score":137,"percentile":319},"2026-01-10",0.94026,{"date":321,"score":137,"percentile":278},"2026-01-11",{"date":323,"score":137,"percentile":305},"2026-01-12",{"date":325,"score":137,"percentile":290},"2026-01-13",{"date":327,"score":328,"percentile":269},"2026-01-14",0.13594,{"date":330,"score":328,"percentile":331},"2026-01-15",0.94015,{"date":333,"score":328,"percentile":310},"2026-01-16",{"date":335,"score":328,"percentile":278},"2026-01-17",{"date":337,"score":328,"percentile":310},"2026-01-18",{"date":339,"score":328,"percentile":272},"2026-01-19",{"date":341,"score":328,"percentile":310},"2026-01-20",{"date":343,"score":328,"percentile":344},"2026-01-21",0.9402,{"date":346,"score":328,"percentile":347},"2026-01-22",0.94024,{"date":349,"score":328,"percentile":350},"2026-01-23",0.9403,{"date":352,"score":328,"percentile":353},"2026-01-24",0.94034,{"date":355,"score":328,"percentile":356},"2026-01-25",0.94035,{"date":358,"score":328,"percentile":359},"2026-01-26",0.94038,{"date":361,"score":328,"percentile":359},"2026-01-27",{"date":363,"score":328,"percentile":364},"2026-01-28",0.94042,{"date":366,"score":328,"percentile":367},"2026-01-29",0.94043,{"date":369,"score":328,"percentile":364},"2026-01-30",{"date":371,"score":328,"percentile":367},"2026-01-31",{"date":373,"score":374,"percentile":375},"2026-02-01",0.23911,0.95903,[377],{"source":63,"cvss_v2_0":378,"cvss_v3_0":9,"cvss_v3_1":383,"cvss_v4_0":9},{"baseScore":379,"baseSeverity":9,"vectorString":380,"impactScore":381,"exploitabilityScore":382},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":61,"baseSeverity":384,"vectorString":64,"impactScore":61,"exploitabilityScore":382},"CRITICAL",[386,395,401,405],{"ecosystem":9,"name":387,"vendor":388,"product":389,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"debian linux","debian","debian_linux","o",[392],{"version":393,"is_range":28,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":396,"vendor":397,"product":396,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":398},"leap","opensuse",[399],{"version":400,"is_range":28,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.1",{"ecosystem":9,"name":397,"vendor":397,"product":397,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},[403],{"version":404,"is_range":28,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.2",{"ecosystem":9,"name":406,"vendor":9,"product":406,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":407},"PHP",[408,413,418],{"version":409,"is_range":410,"range_type":394,"version_start":9,"version_start_type":9,"version_end":411,"version_end_type":412,"fixed_in":9},"lt5.5.37",true,"5.5.37","excluding",{"version":414,"is_range":410,"range_type":394,"version_start":415,"version_start_type":416,"version_end":417,"version_end_type":412,"fixed_in":9},"gte5.6.0_lt5.6.23","5.6.0","including","5.6.23",{"version":419,"is_range":410,"range_type":394,"version_start":420,"version_start_type":416,"version_end":421,"version_end_type":412,"fixed_in":9},"gte7.0.0_lt7.0.8","7.0.0","7.0.8"]