Описание
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Software Collections | php54-php | Affected | ||
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2015:1218 | 09.07.2015 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2015:1135 | 23.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54 | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54-php-pecl-zendopcache | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2015:1186 | 25.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php | Fixed | RHSA-2015:1187 | 25.06.2015 |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS2
Связанные уязвимости
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Multiple stack-based buffer overflows in the phar_set_inode function i ...
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Уязвимость функции phar_set_inode (phar_internal.h) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
5.1 Medium
CVSS2