CVE-2015-1352

MEDIUM severity · CVSS 5

5CVSS MEDIUM

Summary

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)20%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlAdvisory
http://marc.info/?l=bugtraq&m=143403519711434&w=2Advisory
http://openwall.com/lists/oss-security/2015/01/24/9Advisory
http://rhn.redhat.com/errata/RHSA-2015-1053.htmlAdvisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlAdvisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlAdvisory