Lucene search

K
cveMitreCVE-2015-3329
HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-3329

2015-06-0918:59:02
CWE-119
mitre
web.nvd.nist.gov
149
cve-2015-3329
php
buffer overflow
remote code execution
archive
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.681

Percentile

98.0%

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Affected configurations

Nvd
Node
applemac_os_xRange10.6.8
OR
applemac_os_xMatch10.9.5
OR
applemac_os_xMatch10.10.0
OR
applemac_os_xMatch10.10.1
OR
applemac_os_xMatch10.10.2
OR
applemac_os_xMatch10.10.3
OR
applemac_os_xMatch10.10.4
Node
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_hpc_nodeMatch7.0
OR
redhatenterprise_linux_hpc_node_eusMatch7.1
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_eusMatch7.1
OR
redhatenterprise_linux_workstationMatch7.0
Node
oraclelinuxMatch6
OR
oraclelinuxMatch7
OR
oraclesolarisMatch11.2
Node
phpphpRange5.4.39
OR
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.5.20
OR
phpphpMatch5.5.21
OR
phpphpMatch5.5.22
OR
phpphpMatch5.5.23
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
OR
phpphpMatch5.6.5
OR
phpphpMatch5.6.6
OR
phpphpMatch5.6.7
Node
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x::::
applemac_os_x10.10.0cpe:/o:apple:mac_os_x:10.10.0:::
applemac_os_x10.10.1cpe:/o:apple:mac_os_x:10.10.1:::
applemac_os_x10.9.5cpe:/o:apple:mac_os_x:10.9.5:::
applemac_os_x10.10.3cpe:/o:apple:mac_os_x:10.10.3:::
applemac_os_x10.10.2cpe:/o:apple:mac_os_x:10.10.2:::
applemac_os_x10.10.4cpe:/o:apple:mac_os_x:10.10.4:::

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8

Confidence

High

EPSS

0.681

Percentile

98.0%