Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4605

Опубликовано: 16 апр. 2015
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5fileNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6fileNot affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7fileNot affected
Red Hat Software Collectionsphp54-phpAffected
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54-phpFixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1213442php: denial of service when processing a crafted file with Fileinfo

EPSS

Процентиль: 92%
0.09106
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4605

CVSS3: 7.5
ubuntu
около 9 лет назад

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

nvd логотип

CVE-2015-4605

CVSS3: 7.5
nvd
около 9 лет назад

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

debian логотип

CVE-2015-4605

CVSS3: 7.5
debian
около 9 лет назад

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...

github логотип

GHSA-94g6-fh67-6qp6

CVSS3: 7.5
github
около 3 лет назад

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.

fstec логотип

BDU:2016-01364

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 92%
0.09106
Низкий

5 Medium

CVSS2