Описание
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Software Collections | php54-php | Affected | ||
| Red Hat Software Collections | php55-php | Affected | ||
| Red Hat Software Collections | rh-php56-php | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2015:1218 | 09.07.2015 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2015:1135 | 23.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php55 | Fixed | RHSA-2015:1053 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2015:1053 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54 | Fixed | RHSA-2015:1066 | 04.06.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Use-after-free vulnerability in the phar_rename_archive function in ph ...
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику вызвать отказ в обслуживании или оказать иное воздействие на систему
EPSS
2.6 Low
CVSS2