Double free vulnerability in PHP mbstring extension allows remote code execution or denial of service

Double free vulnerability in PHP mbstring extension allows remote code execution or denial of service

CVE-2016-5768 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

Learn more about our Web Application Penetration Testing UK.