Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4604

Опубликовано: 16 апр. 2015
Источник: redhat
CVSS2: 5
EPSS Средний

Описание

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5fileNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6fileNot affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7fileNot affected
Red Hat Software Collectionsphp54-phpAffected
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54-phpFixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1213442php: denial of service when processing a crafted file with Fileinfo

EPSS

Процентиль: 94%
0.15489
Средний

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4604

CVSS3: 7.5
ubuntu
около 9 лет назад

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

nvd логотип

CVE-2015-4604

CVSS3: 7.5
nvd
около 9 лет назад

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

debian логотип

CVE-2015-4604

CVSS3: 7.5
debian
около 9 лет назад

The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...

github логотип

GHSA-6r6h-mwpx-cfrc

CVSS3: 7.5
github
около 3 лет назад

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

fstec логотип

BDU:2016-01365

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 94%
0.15489
Средний

5 Medium

CVSS2