CVE-2015-4644

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.

References

http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64

http://openwall.com/lists/oss-security/2015/06/18/6

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2015-1186.html

http://rhn.redhat.com/errata/RHSA-2015-1187.html

http://www.debian.org/security/2015/dsa-3344

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/75292

http://www.securitytracker.com/id/1032709

https://bugs.php.net/bug.php?id=69667

https://security.gentoo.org/glsa/201606-10

Details

Source: MITRE

Published: 2016-05-16

Updated: 2019-04-22

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.41 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
98802PHP 5.6.x < 5.6.10 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
119968SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)NessusSuSE Local Security Checks
critical
106495pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)NessusFirewalls
critical
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
91704GLSA-201606-10 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
85808Debian DLA-307-1 : php5 security updateNessusDebian Local Security Checks
critical
85664Debian DSA-3344-1 : php5 - security updateNessusDebian Local Security Checks
critical
84897SUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)NessusSuSE Local Security Checks
critical
84830Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)NessusSlackware Local Security Checks
critical
84625Amazon Linux AMI : php56 (ALAS-2015-563)NessusAmazon Linux Local Security Checks
critical
84624Amazon Linux AMI : php55 (ALAS-2015-562)NessusAmazon Linux Local Security Checks
critical
84623Amazon Linux AMI : php54 (ALAS-2015-561)NessusAmazon Linux Local Security Checks
critical
84563Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)NessusUbuntu Local Security Checks
critical
84557openSUSE Security Update : php5 (openSUSE-2015-471)NessusSuSE Local Security Checks
critical
84364PHP 5.6.x < 5.6.10 Multiple VulnerabilitiesNessusCGI abuses
critical
84363PHP 5.5.x < 5.5.26 Multiple VulnerabilitiesNessusCGI abuses
critical
84362PHP 5.4.x < 5.4.42 Multiple VulnerabilitiesNessusCGI abuses
critical
84326FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)NessusFreeBSD Local Security Checks
critical
8787PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium