{"id":"CVE-2016-7398","details":"A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.","modified":"2026-04-11T05:00:46.674018Z","published":"2019-09-06T19:15:11.387Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00022.html"},{"type":"FIX","url":"https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83"},{"type":"EVIDENCE","url":"https://bugs.php.net/bug.php?id=73055"},{"type":"EVIDENCE","url":"https://bugs.php.net/bug.php?id=73055&edit=1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/m6w6/ext-http","events":[{"introduced":"0"},{"last_affected":"4f48201b690b6b10bffa348833364d1a3760483c"},{"introduced":"1eef7cfb325e57887432f6bba837c8e39d3e7f34"},{"last_affected":"9d607c62df6393665a82f4997eae68345395c0fc"},{"introduced":"0"},{"last_affected":"78b1171bc5e44396d142957532d7b3992a818d16"},{"introduced":"0"},{"last_affected":"78b58967b4befb4118572312f82f63d77e102b41"},{"introduced":"0"},{"last_affected":"cc9215bc026c37420de775d3ef95c582caf8eca0"},{"introduced":"0"},{"last_affected":"7aae15af085c924234725d7e55a4b571fe4b9ea5"},{"introduced":"0"},{"last_affected":"635a882456da2800b93bac83bbbd33404ffd0798"},{"introduced":"0"},{"last_affected":"2af0b25292467a09e408d07b1fab39f9e407609a"},{"introduced":"0"},{"last_affected":"9cf5671e4429610d3e82e304e16166c1c44d1566"},{"introduced":"0"},{"last_affected":"9dd0b2cfed592d833ab46eca976d50e0c5696d77"},{"fixed":"17137d4ab1ce81a2cee0fae842340a344ef3da83"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.6"},{"introduced":"3.0.0"},{"last_affected":"3.0.1"},{"introduced":"0"},{"last_affected":"2.6.0-NA"},{"introduced":"0"},{"last_affected":"2.6.0-beta1"},{"introduced":"0"},{"last_affected":"2.6.0-beta2"},{"introduced":"0"},{"last_affected":"2.6.0-rc1"},{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"3.1.0-beta1"},{"introduced":"0"},{"last_affected":"3.1.0-beta2"},{"introduced":"0"},{"last_affected":"3.1.0-rc1"}]}}],"versions":["RELEASE_2_0_1","RELEASE_2_0_2","RELEASE_2_0_3","RELEASE_2_0_4","RELEASE_2_5_0","RELEASE_2_5_0_RC1","RELEASE_2_5_1","RELEASE_2_5_2","RELEASE_2_5_3","RELEASE_2_5_5","RELEASE_2_5_6","RELEASE_2_6_0","RELEASE_2_6_0_BETA1","RELEASE_2_6_0_BETA2","RELEASE_2_6_0_RC1","RELEASE_3_0_0","RELEASE_3_0_1","RELEASE_3_1_0","RELEASE_3_1_0_BETA1","RELEASE_3_1_0_BETA2","RELEASE_3_1_0_RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7398.json","vanir_signatures":[{"source":"https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83","id":"CVE-2016-7398-1d33e960","deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"src/php_http_params.c"},"digest":{"line_hashes":["131021496443385898743292904032294007741","91232038910744409217388444223265266793","261318667876175873601489787703585171531","167123906585228430315616853570800366652"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-11T05:00:46Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}