CVE-2015-3329

2015-06-0918:59:00

CWE-119

[email protected]

web.nvd.nist.gov

139

cve-2015-3329

php

buffer overflow

remote code execution

archive

security vulnerability

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.615 Medium

EPSS

Percentile

97.8%

JSON

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.10.0
apple:mac_os_xapple mac os xle10.6.8
apple:mac_os_xapple mac os xeq10.10.4
apple:mac_os_xapple mac os xeq10.10.1
apple:mac_os_xapple mac os xeq10.9.5
apple:mac_os_xapple mac os xeq10.10.3
apple:mac_os_xapple mac os xeq10.10.2
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.10.0
apple:mac_os_x	apple mac os x	le	10.6.8
apple:mac_os_x	apple mac os x	eq	10.10.4
apple:mac_os_x	apple mac os x	eq	10.10.1
apple:mac_os_x	apple mac os x	eq	10.9.5
apple:mac_os_x	apple mac os x	eq	10.10.3
apple:mac_os_x	apple mac os x	eq	10.10.2
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0