CVE-2013-7456 and CVE-2016-5093 PHP vulnerabilities


Severity

Low

Vendor

PHP

Versions Affected

  • Cloud Foundry PHP buildpack versions prior to 4.3.14

Description

Several out-of-bounds reads were discovered in PHP and its dependencies that could cause memory leaks or other unexpected conditions.

Affected Pivotal Products and Versions

Severity is low unless otherwise noted.

  • Note: The PHP buildpack is patched from upstream PHP source. No Pivotal products are affected.

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade the PHP Buildpack to v4.3.14 or later and restage all applications that use automated buildpack detection
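
One way to check the affected-version condition before and after the upgrade, as an added example that is not part of the original advisory: it parses a buildpack listing in the column layout of `cf buildpacks` and flags PHP buildpacks older than 4.3.14. The sample listing, the `php_custom` name and the assumption that the version is embedded in the filename as `-vX.Y.Z.zip` are constructed for illustration.

```shell
#!/bin/sh
FIXED_VERSION="4.3.14"   # first fixed buildpack release, per the advisory

# version_lt A B: succeed when dotted numeric version A is strictly lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print the version embedded in a filename like php_buildpack-cached-v4.3.10.zip.
php_buildpack_version() {
    printf '%s\n' "$1" | sed -n 's/.*-v\([0-9][0-9.]*\)\.zip$/\1/p'
}

# Read a buildpack listing on stdin; report each PHP buildpack's status.
audit_buildpacks() {
    while read -r name _pos _enabled _locked filename; do
        case $name in *php*) ;; *) continue ;; esac
        ver=$(php_buildpack_version "$filename")
        if [ -z "$ver" ]; then echo "$name unknown CHECK"
        elif version_lt "$ver" "$FIXED_VERSION"; then echo "$name $ver UPGRADE"
        else echo "$name $ver OK"
        fi
    done
}

# Constructed sample listing (assumed column layout, not real output).
sample_listing() {
    cat <<'EOF'
buildpack        position   enabled   locked   filename
ruby_buildpack   1          true      false    ruby_buildpack-cached-v1.6.19.zip
php_buildpack    2          true      false    php_buildpack-cached-v4.3.10.zip
php_custom       3          true      false    php_buildpack-cached-v4.3.14.zip
EOF
}

sample_listing | audit_buildpacks
# Against a live foundation: cf buildpacks | audit_buildpacks
# After upgrading, run `cf restage <app>` for each app that used the old buildpack.
```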

References