CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
phpphp
𝑥
< 5.4.42
phpphp
5.5.0 ≤
𝑥
< 5.5.26
phpphp
5.6.0 ≤
𝑥
< 5.6.10
debiandebian_linux
7.0
debiandebian_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
6.6
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
6.6
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
6.6
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
vivid
Fixed 5.6.4+dfsg-4ubuntu6.2
released
utopic
Fixed 5.5.12+dfsg-2ubuntu4.6
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.11
released
precise
Fixed 5.3.10-1ubuntu3.19
released
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3344
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75291
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69545
https://security.gentoo.org/glsa/201606-10
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3344
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75291
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69545
https://security.gentoo.org/glsa/201606-10