Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7803

Опубликовано: 01 окт. 2015
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2016:045715.03.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUSrh-php56-phpFixedRHSA-2016:045715.03.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php56-phpFixedRHSA-2016:045715.03.2016
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php56-phpFixedRHSA-2016:045715.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1271081php: NULL pointer dereference in phar_get_fp_offset()

EPSS

Процентиль: 96%
0.25607
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7803

ubuntu
больше 9 лет назад

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

nvd логотип

CVE-2015-7803

nvd
больше 9 лет назад

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

debian логотип

CVE-2015-7803

debian
больше 9 лет назад

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5. ...

github логотип

GHSA-xcr5-h66f-mcfq

github
около 3 лет назад

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

fstec логотип

BDU:2022-02526

CVSS3: 6.5
fstec
больше 9 лет назад

Уязвимость функции phar_get_entry_data интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 96%
0.25607
Средний

4.3 Medium

CVSS2