Lucene search

[email protected]CVE-2015-5589

HistoryMay 16, 2016 - 10:59 a.m.

CVE-2015-5589

2016-05-1610:59:17

CWE-20

[email protected]

web.nvd.nist.gov

215

cve-2015-5589

php

remote

dos

vulnerability

nvd

security

tar archive

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

Affected configurations

NVD

Node

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

phpphpMatch5.6.8

phpphpMatch5.6.9

phpphpMatch5.6.10

Node

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.15

phpphpMatch5.5.16

phpphpMatch5.5.17

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.5.24

phpphpMatch5.5.25

phpphpMatch5.5.26

Node

phpphpRange≤5.4.42

CPENameOperatorVersion
php:phpphpeq5.6.0
php:phpphpeq5.6.1
php:phpphpeq5.6.2
php:phpphpeq5.6.3
php:phpphpeq5.6.4
php:phpphpeq5.6.5
php:phpphpeq5.6.6
php:phpphpeq5.6.7
php:phpphpeq5.6.8
php:phpphpeq5.6.9

CPE	Name	Operator	Version
php:php	php	eq	5.6.0
php:php	php	eq	5.6.1
php:php	php	eq	5.6.2
php:php	php	eq	5.6.3
php:php	php	eq	5.6.4
php:php	php	eq	5.6.5
php:php	php	eq	5.6.6
php:php	php	eq	5.6.7
php:php	php	eq	5.6.8
php:php	php	eq	5.6.9