CVE-2015-5589

HIGH

Description

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

ID	Name	Product	Family	Severity
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	critical
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
98803	PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Web Application Scanning	Component Vulnerability	critical
119970	SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1425-1)	Nessus	SuSE Local Security Checks	critical
93161	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)	Nessus	SuSE Local Security Checks	critical
8955	PHP 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
8954	PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus Network Monitor	Web Servers	high
8953	PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus Network Monitor	Web Servers	critical
86221	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)	Nessus	Ubuntu Local Security Checks	critical
85808	Debian DLA-307-1 : php5 security update	Nessus	Debian Local Security Checks	critical
85723	SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1466-1)	Nessus	SuSE Local Security Checks	critical
85664	Debian DSA-3344-1 : php5 - security update	Nessus	Debian Local Security Checks	critical
85458	Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85457	Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85456	Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)	Nessus	Amazon Linux Local Security Checks	critical
85259	openSUSE Security Update : php5 (openSUSE-2015-536)	Nessus	SuSE Local Security Checks	critical
85061	Fedora 21 : php-5.6.11-1.fc21 (2015-11581)	Nessus	Fedora Local Security Checks	critical
84862	FreeBSD : php-phar -- multiple vulnerabilities (8b1f53f3-2da5-11e5-86ff-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	critical
84673	PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical
84672	PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical
84671	PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)	Nessus	CGI abuses	critical

CVE-2015-5589

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0