{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.5.6" }, { "introduced": "3.0.0" }, { "last_affected": "3.0.1" }, { "introduced": "0" }, { "last_affected": "2.6.0-NA" }, { "introduced": "0" }, { "last_affected": "2.6.0-beta1" }, { "introduced": "0" }, { "last_affected": "2.6.0-beta2" }, { "introduced": "0" }, { "last_affected": "2.6.0-rc1" }, { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.1.0-beta1" }, { "introduced": "0" }, { "last_affected": "3.1.0-beta2" }, { "introduced": "0" }, { "last_affected": "3.1.0-rc1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "4f48201b690b6b10bffa348833364d1a3760483c" }, { "introduced": "1eef7cfb325e57887432f6bba837c8e39d3e7f34" }, { "last_affected": "9d607c62df6393665a82f4997eae68345395c0fc" }, { "introduced": "0" }, { "last_affected": "78b1171bc5e44396d142957532d7b3992a818d16" }, { "introduced": "0" }, { "last_affected": "78b58967b4befb4118572312f82f63d77e102b41" }, { "introduced": "0" }, { "last_affected": "cc9215bc026c37420de775d3ef95c582caf8eca0" }, { "introduced": "0" }, { "last_affected": "7aae15af085c924234725d7e55a4b571fe4b9ea5" }, { "introduced": "0" }, { "last_affected": "635a882456da2800b93bac83bbbd33404ffd0798" }, { "introduced": "0" }, { "last_affected": "2af0b25292467a09e408d07b1fab39f9e407609a" }, { "introduced": "0" }, { "last_affected": "9cf5671e4429610d3e82e304e16166c1c44d1566" }, { "introduced": "0" }, { "last_affected": "9dd0b2cfed592d833ab46eca976d50e0c5696d77" }, { "fixed": "17137d4ab1ce81a2cee0fae842340a344ef3da83" } ], "repo": "https://github.com/m6w6/ext-http", "type": "GIT" } ] } ], "details": "A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.", "id": "CVE-2016-7398", "modified": "2026-03-15T21:46:12.866732490Z", "published": "2019-09-06T19:15:11.387Z", "references": [ { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html" }, { "type": "FIX", "url": "https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83" }, { "type": "EVIDENCE", "url": "https://bugs.php.net/bug.php?id=73055" }, { "type": "EVIDENCE", "url": "https://bugs.php.net/bug.php?id=73055\u0026edit=1" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }