Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-4643

Опубликовано: 16 мая 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

РелизСтатусПримечание
devel

released

5.6.9+dfsg-1ubuntu1
esm-infra-legacy/trusty

released

5.5.9+dfsg-1ubuntu4.11
precise

released

5.3.10-1ubuntu3.19
trusty

released

5.5.9+dfsg-1ubuntu4.11
trusty/esm

released

5.5.9+dfsg-1ubuntu4.11
upstream

released

5.4.42,5.5.26,5.6.10
utopic

released

5.5.12+dfsg-2ubuntu4.6
vivid

released

5.6.4+dfsg-4ubuntu6.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.07859
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-4643

redhat
больше 10 лет назад

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

nvd логотип

CVE-2015-4643

CVSS3: 9.8
nvd
больше 9 лет назад

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

debian логотип

CVE-2015-4643

CVSS3: 9.8
debian
больше 9 лет назад

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...

github логотип

GHSA-phcc-83hq-g329

CVSS3: 9.8
github
больше 3 лет назад

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

fstec логотип

BDU:2016-01362

fstec
больше 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 92%
0.07859
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3