Back to search
CVE-2015-7803
Published: Dec 11, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://support.apple.com/HT205637
x_refsource_CONFIRM
openSUSE-SU-2016:0251
vendor-advisory
x_refsource_SUSE
https://bugs.php.net/bug.php?id=69720
x_refsource_CONFIRM
DSA-3380
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2015-12-08-3
vendor-advisory
x_refsource_APPLE
SSA:2016-034-04
vendor-advisory
x_refsource_SLACKWARE
76959
vdb-entry
x_refsource_BID
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
[oss-security] 20151005 CVE request: issues fixed in PHP 5.6.14 and 5.5.30
mailing-list
x_refsource_MLIST
openSUSE-SU-2016:0366
vendor-advisory
x_refsource_SUSE
USN-2786-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2016:1145
vendor-advisory
x_refsource_SUSE
GLSA-201606-10
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now