PT-2015-3422 · Php+1 · Php+1

Hugh

Published

2015-10-09

Updated

2016-12-07

CVE-2015-7804

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.30 PHP versions 5.6.x prior to 5.6.14

Description The issue is related to an off-by-one error in the phar parse zipfile function, which can be exploited by remote attackers to cause a denial of service. This is achieved by including the / filename in a .zip PHAR archive, leading to an uninitialized pointer dereference and application crash.

Recommendations For PHP versions prior to 5.5.30, update to version 5.5.30 or later. For PHP versions 5.6.x prior to 5.6.14, update to version 5.6.14 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

BDU:2022-02525

CVE-2015-7804

DLA-341-1

DSA-3380-1

MGASA-2015-0395

RHSA-2016:0457

USN-2786-1

Affected Products

Php

Ubuntu

PT-2015-3422 · Php+1 · Php+1

CVE-2015-7804

Weakness Enumeration

Related Identifiers

Affected Products

References · 27