Back to search
CVE-2015-7804
Published: Dec 11, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://support.apple.com/HT205637
x_refsource_CONFIRM
openSUSE-SU-2016:0251
vendor-advisory
x_refsource_SUSE
DSA-3380
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2015-12-08-3
vendor-advisory
x_refsource_APPLE
SSA:2016-034-04
vendor-advisory
x_refsource_SLACKWARE
76959
vdb-entry
x_refsource_BID
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=70433
x_refsource_CONFIRM
[oss-security] 20151005 CVE request: issues fixed in PHP 5.6.14 and 5.5.30
mailing-list
x_refsource_MLIST
USN-2786-1
vendor-advisory
x_refsource_UBUNTU
GLSA-201606-10
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now