Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2

openwall.com/lists/oss-security/2015/06/18/6

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

rhn.redhat.com/errata/RHSA-2015-1218.html

www.debian.org/security/2015/dsa-3344

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/75291

www.securitytracker.com/id/1032709

bugs.php.net/bug.php?id=69545

security.gentoo.org/glsa/201606-10

ubuntucve 2

nvd 2

prion 2

cve 2

hackerone 2

f5 4

cvelist 1

checkpoint_advisories 1

freebsd 2

nessus 51

redhat 5

oraclelinux 4

openvas 39

mageia 2

debian 4

securityvulns 7

amazon 6

suse 5

fedora 3

osv 3

slackware 2

ubuntu 1

ibm 4

veracode 7

centos 2

gentoo 1

rosalinux 1

ubuntucve

CVE-2015-4643

2015-06-18 00:00:00

CVE-2015-4022

2015-06-09 00:00:00

nvd

CVE-2015-4643

2016-05-16 10:59:15

CVE-2015-4022

2015-06-09 18:59:05

prion

Integer overflow

2016-05-16 10:59:00

Integer overflow

2015-06-09 18:59:00

cve

CVE-2015-4643

2016-05-16 10:59:15

CVE-2015-4022

2015-06-09 18:59:05

hackerone

Internet Bug Bounty: Integer overflow in ftp_genlist() resulting in heap overflow

2015-04-28 00:00:00

Internet Bug Bounty: Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)

2015-05-13 00:00:00

SOL16764 - PHP vulnerability CVE-2015-4022

2015-06-17 00:00:00

K80285422 : PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644

2016-07-05 00:00:00

SOL80285422 - PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644

2016-07-05 00:00:00

cvelist

CVE-2015-4022

2015-06-09 18:00:00

checkpoint_advisories

PHP ftp_genlist method Integer Overflow (CVE-2015-4022)

2015-07-01 00:00:00

freebsd

php5 -- multiple vulnerabilities

2015-06-11 00:00:00

php -- multiple vulnerabilities

2015-05-14 00:00:00

nessus

FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)

2015-06-23 00:00:00

Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)

2023-09-07 00:00:00

openSUSE Security Update : php5 (openSUSE-2015-396)

2015-06-04 00:00:00

redhat

(RHSA-2015:1219) Moderate: php54-php security update

2015-07-09 00:00:00

(RHSA-2015:1186) Important: php55-php security update

2015-06-25 00:00:00

(RHSA-2015:1187) Important: rh-php56-php security update

2015-06-25 00:00:00

oraclelinux

php54-php security update

2016-02-04 00:00:00

php55-php security update

2016-02-04 00:00:00

php security update

2015-07-09 00:00:00

openvas

PHP Multiple Vulnerabilities - 05 (Aug 2016) - Linux

2016-08-31 00:00:00

Oracle: Security Advisory (ELSA-2015-1219)

2016-02-05 00:00:00

Mageia: Security Advisory (MGASA-2015-0258)

2022-01-28 00:00:00

mageia

Updated php package fixes security vulnerability

2015-07-05 20:22:03

Updated php packages fix security vulnerabilities

2015-05-18 22:08:05

debian

[SECURITY] [DSA 3344-1] php5 security update

2015-08-27 15:00:09

[SECURITY] [DSA 3344-1] php5 security update

2015-08-27 15:00:09

[SECURITY] [DSA 3280-1] php5 security update

2015-06-07 17:06:52

securityvulns

[SECURITY] [DSA 3344-1] php5 security update

2015-08-31 00:00:00

PHP multiple security vulnerabilities

2015-06-13 00:00:00

[SECURITY] [DSA 3280-1] php5 security update

2015-06-08 00:00:00

amazon

Medium: php55

2015-06-02 22:21:00

Medium: php54

2015-07-07 12:39:00

Important: php56

2015-06-02 22:22:00

suse

Security update for php5 (important)

2015-07-17 11:08:12

Security update for php5 (important)

2015-07-17 10:12:10

Security update for PHP (important)

2015-07-17 20:09:41

fedora

[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22

2015-05-26 03:40:42

[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21

2015-05-27 16:13:20

[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20

2015-05-27 16:23:41

osv

php5 - security update

2015-08-27 00:00:00

php5 - security update

2015-06-07 00:00:00

php5 - security update

2015-09-07 00:00:00

slackware

[slackware-security] php

2015-06-11 23:01:25

[slackware-security] php

2015-07-17 20:25:21

ubuntu

PHP vulnerabilities

2015-07-06 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)

2019-01-31 02:10:01

Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

2019-01-31 02:25:02

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php

2020-11-02 20:22:51

veracode

Integer Overflow

2019-05-02 05:40:32

Heap-based Buffer Overflow

2019-05-02 05:39:55

Improper Input Validation

2019-05-02 05:39:56

centos

php security update

2015-06-24 03:28:02

php security update

2015-07-09 19:23:41

gentoo

PHP: Multiple vulnerabilities

2016-06-19 00:00:00

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.3 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVELIST:CVE-2015-4643