Critical severity9.8NVD Advisory· Published Jul 25, 2016· Updated Jun 17, 2026
CVE-2016-6288
CVE-2016-6288
Description
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 5.3.17-55.1+ 6 more
- (no CPE)range: < 5.3.17-55.1
- (no CPE)range: < 5.3.17-79.2
- (no CPE)range: < 5.3.17-79.2
- (no CPE)range: < 5.3.17-79.2
- (no CPE)range: < 5.5.14-73.1
- (no CPE)range: < 5.2.14-0.7.30.89.1
- (no CPE)range: < 5.5.14-73.1
Patches
Vulnerability mechanics
References
9- www.securityfocus.com/bid/92111nvdThird Party AdvisoryVDB Entry
- bugs.php.net/70480nvdIssue TrackingMitigationThird Party Advisory
- openwall.com/lists/oss-security/2016/07/24/2nvdMailing List
- php.net/ChangeLog-5.phpnvdRelease Notes
- git.php.netnvd
- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2750.htmlnvd
- www.securitytracker.com/id/1036430nvd
- support.apple.com/HT207170nvd
News mentions
0No linked articles in our index yet.