CVE-2015-7804

Published: 11/12/2015 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP prior to 5.5.30 and 5.6.x prior to 5.6.14 allows remote malicious users to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

Vulnerable Product

apple mac os x

php php 5.6.1

php php 5.6.5

php php 5.6.12

php php 5.6.13

php php 5.6.0

php php 5.6.4

php php 5.6.6

php php 5.6.11

php php 5.6.2

php php 5.6.10

php php 5.6.7

php php 5.6.9

php php 5.6.3

php php 5.6.8

php php

Vendor Advisories

PHP could be made to crash if it processed a specially crafted file ...
Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. CVE-2015-7803: The phar extension could crash with a NULL pointer dereference when processing tar archives containing links referring to non-existing files. This could lead to a denial of service. CVE-2015-7804 ...
As reported upstream (https://bugs.php.net/bug.php?id=69720), a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash (CVE-2015-7803). A flaw was discovered in the way PHP performed object unserialization. Specially crafted input pr ...
A flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened ...