CVE-2015-7804

MEDIUM severity · CVSS 6.8 · CWE-189

6.8CVSS MEDIUM

Summary

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

Impact & exploitability

Attack vectorNetwork

Attack complexity—

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)18%

AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
http://www.debian.org/security/2015/dsa-3380
http://www.openwall.com/lists/oss-security/2015/10/05/8
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/76959
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720