Published: 30/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP up to and including 5.6.7 does not validate token extraction for table names, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
php php

Several security issues were fixed in PHP ...

Debian Bug report logs - #780713 php5: CVE-2015-2331 Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 18 Mar 2015 09:24:07 UTC Severity: grave Tags: security Found in versions php5/566+dfsg-1, p ...

Debian Bug report logs - #777033 php5: CVE-2015-1351 Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 4 Feb 2015 08:51:01 UTC Severity: important Tags: s ...

Debian Bug report logs - #777036 php5: CVE-2015-1352 Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 4 Feb 2015 08:51:01 UTC Severity: important Tags: s ...

A NULL pointer dereference flaw was found in PHP's pgsql extension A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash ...

A use-after-free flaw was found in PHP's OPcache extension This flaw could possibly lead to a disclosure of portion of server memory (CVE-2015-1351) A NULL pointer dereference flaw was found in PHP's pgsql extension A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash (CVE-2015-1 ...

A buffer overflow vulnerability was found in PHP's phar (PHP Archive) implementation See <a href="bugsphpnet/bugphp?id=69324">bugsphpnet/bugphp?id=69324</a> for more details (CVE-2015-2783) A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation A malicious script author could possibly ...

NVD-CWE-Other http://openwall.com/lists/oss-security/2015/01/24/9 https://bugs.php.net/bug.php?id=68741 http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 https://support.apple.com/HT205267 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/71932 https://security.gentoo.org/glsa/201606-10 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e https://usn.ubuntu.com/2501-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-1352

CVE-2015-1352

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect