Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8865

Опубликовано: 20 мая 2016
Источник: debian
EPSS Низкий

Описание

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.0fixed7.0.5-1package
php5fixed5.6.20+dfsg-1package
filefixed1:5.24-1package
filefixed1:5.22+15-2+deb8u2jessiepackage
hhvmfixed3.12.11+dfsg-1package

Примечания

  • http://bugs.gw.com/view.php?id=522

  • https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36

  • https://bugs.php.net/bug.php?id=71527

  • https://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e

  • PHP fixed in 7.0.5, 5.6.20, 5.5.34

  • https://www.openwall.com/lists/oss-security/2016/04/11/7

  • Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b

EPSS

Процентиль: 89%
0.04485
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-8865

CVSS3: 7.3
ubuntu
около 9 лет назад

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

redhat логотип

CVE-2015-8865

CVSS3: 5.6
redhat
больше 9 лет назад

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

nvd логотип

CVE-2015-8865

CVSS3: 7.3
nvd
около 9 лет назад

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

github логотип

GHSA-p546-wvpp-2wvf

CVSS3: 7.3
github
около 3 лет назад

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

fstec логотип

BDU:2016-01463

fstec
около 9 лет назад

Уязвимость интерпретатора PHP и операционной системы Mac OS X, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 89%
0.04485
Низкий