CVE-2015-8865

Published: 23 Feb 2016
Source: redhat
CVSS3: 5.6
CVSS2: 5.1
EPSS: Low

Description

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Mitigation

Do not use untrusted magic files.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cdrtools | Will not fix | | |
| Red Hat Enterprise Linux 5 | file | Will not fix | | |
| Red Hat Enterprise Linux 5 | php53 | Will not fix | | |
| Red Hat Enterprise Linux 5 | rpm | Will not fix | | |
| Red Hat Enterprise Linux 6 | file | Will not fix | | |
| Red Hat Enterprise Linux 6 | php | Will not fix | | |
| Red Hat Enterprise Linux 7 | file | Will not fix | | |
| Red Hat Enterprise Linux 7 | php | Will not fix | | |
| Red Hat Software Collections | php54-php | Will not fix | | |
| Red Hat Software Collections | php55-php | Will not fix | | |


Additional information

Status: Low
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1323118 file: Buffer over-write in finfo_open with malformed magic file

EPSS: 0.05044 (Low), percentile: 89%
CVSS3: 5.6 Medium
CVSS2: 5.1 Medium

Related vulnerabilities

CVSS3: 7.3
ubuntu
about 9 years ago

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

CVSS3: 7.3
nvd
about 9 years ago

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

CVSS3: 7.3
debian
about 9 years ago

The file_check_mem function in funcs.c in file before 5.23, as used in ...

CVSS3: 7.3
github
more than 3 years ago

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

fstec
about 9 years ago

Vulnerability in the PHP interpreter and the Mac OS X operating system that allows an attacker to cause a denial of service or execute arbitrary code
