CVE-2015-7804

MEDIUM

Description

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

References

http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html

http://www.debian.org/security/2015/dsa-3380

http://www.openwall.com/lists/oss-security/2015/10/05/8

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/76959

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720

http://www.ubuntu.com/usn/USN-2786-1

https://bugs.php.net/bug.php?id=70433

https://security.gentoo.org/glsa/201606-10

https://support.apple.com/HT205637

Details

Source: MITRE

Published: 2015-12-11

Updated: 2016-12-07

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.1 (inclusive)

Configuration 2

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.29 (inclusive)

cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
129178	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)	Nessus	Huawei Local Security Checks	high
98806	PHP 5.6.x < 5.6.14 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
106497	pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)	Nessus	Firewalls	high
91704	GLSA-201606-10 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
9325	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
88567	Slackware 14.0 / 14.1 / current : php (SSA:2016-034-04)	Nessus	Slackware Local Security Checks	medium
88533	openSUSE Security Update : php5 (openSUSE-2016-100)	Nessus	SuSE Local Security Checks	medium
87321	Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)	Nessus	MacOS X Local Security Checks	critical
87314	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
86794	Debian DLA-341-1 : php5 security update	Nessus	Debian Local Security Checks	high
86651	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : php5 vulnerabilities (USN-2786-1)	Nessus	Ubuntu Local Security Checks	medium
86618	Debian DSA-3380-1 : php5 - security update	Nessus	Debian Local Security Checks	medium
86496	Amazon Linux AMI : php55 (ALAS-2015-602)	Nessus	Amazon Linux Local Security Checks	high
86495	Amazon Linux AMI : php56 (ALAS-2015-601)	Nessus	Amazon Linux Local Security Checks	high
86301	PHP 5.6.x < 5.6.14 Multiple Vulnerabilities	Nessus	CGI abuses	medium
86300	PHP 5.5.x < 5.5.30 Multiple Vulnerabilities	Nessus	CGI abuses	medium
8956	PHP 5.5.x < 5.5.30 / 5.6.x < 5.6.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
86267	FreeBSD : php -- multiple vulnerabilities (c1da8b75-6aef-11e5-9909-002590263bf5)	Nessus	FreeBSD Local Security Checks	medium