UBUNTU-CVE-2016-5114

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2016-5114
Downstream
USN-3045-1
Published: 30 May 2016, 00:00
Last modified:22 Apr 2026, 10:47

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.1 CRITICAL
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 May 2016, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:47
Last Modified
Vulnerability information updated

Description

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

CVSS Metrics

  • v3.0CRITICALScore: 9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Systems

  • ubuntuphp5

    < 5.5.9+dfsg-1ubuntu4.19

References (5)