UBUNTU-CVE-2016-5095

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2016-5095
Downstream
USN-3045-1
Published: 30 May 2016, 00:00
Last modified:22 Apr 2026, 10:47

Vulnerability Summary

Overall Risk (default)
medium
34/100
CVSS Score
8.6 HIGH
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 May 2016, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:47
Last Modified
Vulnerability information updated

Description

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.

CVSS Metrics

  • v3.0HIGHScore: 8.6CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Systems

  • ubuntuphp5

    < 5.5.9+dfsg-1ubuntu4.19

References (4)