Описание
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.6.4+dfsg-4ubuntu6 |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.9 |
| lucid | released | 5.3.2-1ubuntu4.30 |
| precise | released | 5.3.10-1ubuntu3.18 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.9 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.9 |
| upstream | needs-triage | |
| utopic | released | 5.5.12+dfsg-2ubuntu4.4 |
Показывать по
7.5 High
CVSS2
Связанные уязвимости
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Multiple stack-based buffer overflows in the phar_set_inode function i ...
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Уязвимость функции phar_set_inode (phar_internal.h) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
7.5 High
CVSS2