CVE-2015-2783

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
phpphp
𝑥
≤ 5.4.39
phpphp
5.5.0
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
phpphp
5.5.14
phpphp
5.5.18
phpphp
5.5.19
phpphp
5.5.20
phpphp
5.5.21
phpphp
5.5.22
phpphp
5.5.23
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_hpc_node_eus
7.1
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_workstation
7.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
applemac_os_x
𝑥
≤ 10.10.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
utopic
Fixed 5.5.12+dfsg-2ubuntu4.4
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.9
released
precise
Fixed 5.3.10-1ubuntu3.18
released
lucid
Fixed 5.3.2-1ubuntu4.30
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3280
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/74239
http://www.securitytracker.com/id/1032146
http://www.ubuntu.com/usn/USN-2572-1
https://bugs.php.net/bug.php?id=69324
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/HT205267
https://support.apple.com/kb/HT205031
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3280
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/74239
http://www.securitytracker.com/id/1032146
http://www.ubuntu.com/usn/USN-2572-1
https://bugs.php.net/bug.php?id=69324
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/HT205267
https://support.apple.com/kb/HT205031