integer overflow in ZipArchive::getFrom (CVE-2016-3078)

Created:

2016-11-16 13:11:02 UTC

Modified:

2017-08-08 13:36:56 UTC

0

Was this article helpful?


Have more questions?

Submit a request

integer overflow in ZipArchive::getFrom (CVE-2016-3078)

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux

Symptoms

An integer wrap may occur in PHP 7.x when reading zip files with thegetFromindex() and getFromName() methods of ZipArchive, resulting in aheap overflow. This security issue got CVE-2016-3078 assigned. PHP 7 packaged by Plesk team is also affected.

Resolution

Affected PHP version was already updated by vendor to include fixes this security issue. Plesk team also updated PHP in our package to close this security treat, fix is included in the recent Micro-Updates:

Plesk takes the security of our customers very seriously and encourages you to apply updates as soon as possible.

Have more questions? Submit a request
Please sign in to leave a comment.