DescriptionMultiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)wheezy5.4.45-0+deb7u2fixed
wheezy (security)5.4.45-0+deb7u12fixed
jessie (security)5.6.33+dfsg-0+deb8u1fixed
php7.0 (PTS)stretch (security), stretch7.0.27-0+deb9u1fixed
buster, sid7.0.28-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)(not affected)
php5.6source(unstable)(not affected)


- php5 <not-affected> (Vulnerable code not present)
- php5.6 <not-affected> (Vulnerable code not present)
Already using safe_emalloc() in php_escape_shell_cmd()

Search for package or bug name: Reporting problems