FreeBSD3D675519-5654-11E5-9AD8-14DAE9D210B8php -- multiple vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.198 Low
EPSS
Percentile
96.3%
PHP reports:
Core:
Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
Fixed bug #70219 (Use after free vulnerability in session deserializer).
EXIF:
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
hash:
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
PCRE:
Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
SOAP:
Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
SPL:
Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
XSLT:
Fixed bug #69782 (NULL pointer dereference).
ZIP:
Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | php5 | < 5.4.45 | UNKNOWN |
| FreeBSD | any | noarch | php5-soap | < 5.4.45 | UNKNOWN |
| FreeBSD | any | noarch | php5-xsl | < 5.4.45 | UNKNOWN |
| FreeBSD | any | noarch | php55 | < 5.5.29 | UNKNOWN |
| FreeBSD | any | noarch | php55-soap | < 5.5.29 | UNKNOWN |
| FreeBSD | any | noarch | php55-xsl | < 5.5.29 | UNKNOWN |
| FreeBSD | any | noarch | php56 | < 5.6.13 | UNKNOWN |
| FreeBSD | any | noarch | php56-soap | < 5.6.13 | UNKNOWN |
| FreeBSD | any | noarch | php56-xsl | < 5.6.13 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.198 Low
EPSS
Percentile
96.3%