CVE-2013-7456 and CVE-2016-5093 PHP vulnerabilities
Severity
Low
Vendor
PHP
Versions Affected
- Cloud Foundry PHP buildpack versions prior to 4.3.14
Description
Several out-of-bounds reads were discovered in PHP and its dependencies that could cause memory leaks or other unexpected conditions.
Affected VMware Products and Versions
Severity is low unless otherwise noted.
- Note: The PHP buildpack is patched from upstream PHP source. No Pivotal products are affected.
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade the PHP Buildpack to v4.3.14 or later and restage all applications that use automated buildpack detection