PT-2015-3418 · Php+2 · Php+2

Vasyl Kaigorodov

·

Publicado

2015-06-07

·

Atualizado

2019-04-22

·

CVE-2015-3307

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8
Description The issue is caused by a buffer overflow in the phar parse metadata function. This can be exploited by a remote attacker to cause a denial of service or possibly have other unspecified impacts via a crafted tar archive.
Recommendations For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2022-02521
CESA-2015_1135
CESA-2015_1218
CVE-2015-3307
DLA-307-1
DSA-3280-1
RHSA-2015:1066
RHSA-2015:1135
RHSA-2015:1186
RHSA-2015:1187
RHSA-2015:1218
RHSA-2015_1135
RHSA-2015_1218

Produtos afetados

Centos
Php
Red Hat