Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-1352

Опубликовано: 04 янв. 2015
Источник: redhat
CVSS2: 2.6

Описание

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash.

Отчет

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Software Collectionsphp54-phpNot affected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Software Collections for Red Hat Enterprise Linux 6php55FixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUSphp55FixedRHSA-2015:105304.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1185904php: NULL pointer dereference in pgsql extension

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-1352

ubuntu
около 10 лет назад

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

nvd логотип

CVE-2015-1352

nvd
около 10 лет назад

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

debian логотип

CVE-2015-1352

debian
около 10 лет назад

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...

github логотип

GHSA-j4qg-8m5f-3hcv

github
около 3 лет назад

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

fstec логотип

BDU:2022-02523

CVSS3: 5.3
fstec
около 10 лет назад

Уязвимость функция build_tablename (pgsql.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

2.6 Low

CVSS2