Computer Security
[EN] securityvulns.ru no-pyccku


PHP security vulnerabilities
Published:02.11.2015
Source:
SecurityVulns ID:14753
Type:library
Threat Level:
5/10
Description:PHAR extension DoS.
Affected:PHP : PHP 5.6
CVE:CVE-2015-7804 (Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.)
 CVE-2015-7803 (The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.)
Original documentdocumentUBUNTU, [USN-2786-1] PHP vulnerabilities (02.11.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod