Описание
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | 5.3.5-1ubuntu7.2 |
| hardy | not-affected | |
| karmic | not-affected | |
| lucid | released | 5.3.2-1ubuntu4.8 |
| maverick | released | 5.3.3-1ubuntu9.4 |
| natty | released | 5.3.5-1ubuntu7.1 |
| upstream | needs-triage |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
Multiple format string vulnerabilities in phar_object.c in the phar ex ...
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.
EPSS
7.5 High
CVSS2