CVE-2015-4644

Published: 16/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP prior to 5.4.42, 5.5.x prior to 5.5.26, and 5.6.x prior to 5.6.10 does not validate token extraction for table names, which might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.

Vulnerable Product

redhat enterprise linux 7.0

redhat enterprise linux 6.0

php php 5.6.1

php php 5.6.5

php php 5.5.19

php php 5.5.25

php php 5.5.0

php php 5.5.16

php php 5.6.0

php php 5.5.1

php php 5.5.5

php php 5.6.4

php php 5.5.21

php php 5.6.6

php php 5.5.17

php php 5.5.14

php php 5.5.7

php php 5.6.2

php php 5.5.12

php php 5.5.6

php php 5.6.7

php php 5.5.3

php php 5.5.23

php php 5.5.8

php php 5.5.24

php php 5.5.15

php php 5.5.11

php php 5.5.13

php php

php php 5.5.4

php php 5.6.9

php php 5.5.10

php php 5.6.3

php php 5.5.22

php php 5.6.8

php php 5.5.18

php php 5.5.20

php php 5.5.2

php php 5.5.9

Vendor Advisories

Several security issues were fixed in PHP ...
Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598: thoger at redhat dot com discovered that paths containing a NUL character were improperly handled, thus allowing an attacker to manipulate unexpected files on the server. CVE-2015-4643: Max Spelsberg discovered an integer overflow flaw leading to a ...
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vu ...
Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416). All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.4.42) ...
Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.6.10) ...
Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.5.26) ...