Vulnerability CVE-2015-5590
Published: 2016-01-19

Description:
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

See advisories in our WLB2 database:
Topic
Author
Date
High
PHP 5.6.10 Buffer overflow and stack smashing error in phar_fix_filepath
jared
24.01.2016

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
PHP -> PHP 

 References:
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
http://openwall.com/lists/oss-security/2015/07/18/1
http://www.debian.org/security/2015/dsa-3344
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/75970
https://bugs.php.net/bug.php?id=69923
Copyright 2025, cxsecurity.com

 

Back to Top