Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
http://openwall.com/lists/oss-security/2015/07/18/1
http://www.debian.org/security/2015/dsa-3344
http://www.php.net/ChangeLog-5.php
Source: MITRE
Published: 2016-01-19
Updated: 2017-11-04
Type: CWE-119
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Impact Score: 3.4
Exploitability Score: 3.9
Severity: HIGH
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.42 (inclusive)
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129236 | EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043) | Nessus | Huawei Local Security Checks | high |
128931 | EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928) | Nessus | Huawei Local Security Checks | high |
128917 | EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865) | Nessus | Huawei Local Security Checks | high |
128087 | EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1795) | Nessus | Huawei Local Security Checks | high |
98803 | PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM) | Web Application Scanning | Component Vulnerability | critical |
119970 | SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1425-1) | Nessus | SuSE Local Security Checks | critical |
93161 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) | Nessus | SuSE Local Security Checks | critical |
8955 | PHP 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
8954 | PHP 5.6.10 < 5.6.11 Multiple Vulnerabilities (BACKRONYM) | Nessus Network Monitor | Web Servers | high |
8953 | PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM) | Nessus Network Monitor | Web Servers | critical |
86221 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1) | Nessus | Ubuntu Local Security Checks | critical |
85808 | Debian DLA-307-1 : php5 security update | Nessus | Debian Local Security Checks | critical |
85723 | SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1466-1) | Nessus | SuSE Local Security Checks | critical |
85664 | Debian DSA-3344-1 : php5 - security update | Nessus | Debian Local Security Checks | critical |
85458 | Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM) | Nessus | Amazon Linux Local Security Checks | critical |
85457 | Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM) | Nessus | Amazon Linux Local Security Checks | critical |
85456 | Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM) | Nessus | Amazon Linux Local Security Checks | critical |
85259 | openSUSE Security Update : php5 (openSUSE-2015-536) | Nessus | SuSE Local Security Checks | critical |
85061 | Fedora 21 : php-5.6.11-1.fc21 (2015-11581) | Nessus | Fedora Local Security Checks | critical |
84862 | FreeBSD : php-phar -- multiple vulnerabilities (8b1f53f3-2da5-11e5-86ff-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | critical |
84673 | PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM) | Nessus | CGI abuses | critical |
84672 | PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM) | Nessus | CGI abuses | critical |
84671 | PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM) | Nessus | CGI abuses | critical |