CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
< 5.4.42
phpphp
5.5.0 ≤
𝑥
< 5.5.26
phpphp
5.6.0 ≤
𝑥
< 5.6.10
debiandebian_linux
7.0
debiandebian_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
6.6
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
6.6
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
6.6
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.19
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.11
released
utopic
Fixed 5.5.12+dfsg-2ubuntu4.6
released
vivid
Fixed 5.6.4+dfsg-4ubuntu6.2
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
php
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-bcmath
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-cli
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-common
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-dba
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-devel
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-embedded
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-enchant
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-fpm
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-gd
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-imap
RHEL 6
0:5.3.3-46.el6_6
fixed
php-intl
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-ldap
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-mbstring
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-mysql
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-mysqlnd
RHEL 7
0:5.4.16-36.el7_1
fixed
php-odbc
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-pdo
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-pgsql
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-process
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-pspell
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-recode
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-snmp
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-soap
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-tidy
RHEL 6
0:5.3.3-46.el6_6
fixed
php-xml
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-xmlrpc
RHEL 6
0:5.3.3-46.el6_6
fixed
RHEL 7
0:5.4.16-36.el7_1
fixed
php-zts
RHEL 6
0:5.3.3-46.el6_6
fixed
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3344
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75291
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69545
https://security.gentoo.org/glsa/201606-10
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3344
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75291
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69545
https://security.gentoo.org/glsa/201606-10