Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems (CVE-2015-2305). Integer overflow in zip extension in PHP before 5.5.23 leads to writing past heap boundary (CVE-2015-2331). Use after free vulnerability in unserialize() in PHP before 5.5.23 (CVE-2015-2787). PHP has been updated to version 5.5.23, which fixes these issues and other bugs. The php zip extension uses the libzip library, so it has been patched to fix CVE-2015-2331.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchphp< 5.5.23-1php-5.5.23-1.mga4
Mageia4noarchphp-apc< 3.1.15-4.13php-apc-3.1.15-4.13.mga4
Mageia4noarchlibzip< 0.11.2-1.1libzip-0.11.2-1.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	php	< 5.5.23-1	php-5.5.23-1.mga4
Mageia	4	noarch	php-apc	< 3.1.15-4.13	php-apc-3.1.15-4.13.mga4
Mageia	4	noarch	libzip	< 0.11.2-1.1	libzip-0.11.2-1.1.mga4

References

php.net/ChangeLog-5.php#5.5.23

bugs.mageia.org/show_bug.cgi?id=15520

www.debian.org/security/2015/dsa-3195

openvas 42

amazon 4

kaspersky 2

nessus 53

freebsd 3

ubuntucve 3

fedora 12

prion 3

hackerone 2

checkpoint_advisories 1

archlinux 2

cve 3

debiancve 2

f5 6

veracode 27

ubuntu 2

debian 6

rosalinux 1

securityvulns 4

osv 6

slackware 1

suse 1

mageia 1

oraclelinux 3

redhat 3

ibm 5

centos 1

openvas

Mageia: Security Advisory (MGASA-2015-0134)

2022-01-28 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-508)

2015-09-08 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-507)

2015-09-08 00:00:00

amazon

Important: php55

2015-04-15 21:49:00

Important: php56

2015-04-15 21:50:00

Important: php54

2015-04-15 21:49:00

kaspersky

KLA10515 Multiple vulnerabilities in PHP and extensions

2015-03-30 00:00:00

KLA10514 Multiple vulnerabilities in PHP and plugins

2015-03-30 00:00:00

nessus

Fedora 22 : php-5.6.7-2.fc22 (2015-4255)

2015-03-27 00:00:00

Amazon Linux AMI : php56 (ALAS-2015-508)

2015-04-17 00:00:00

Fedora 21 : php-5.6.7-1.fc21 (2015-4236)

2015-03-31 00:00:00

freebsd

Several vulnerabilities found in PHP

2015-03-19 00:00:00

libzip -- integer overflow

2015-03-18 00:00:00

clamav -- multiple vulnerabilities

2015-04-29 00:00:00

ubuntucve

CVE-2015-2331

2015-03-30 00:00:00

CVE-2015-2305

2015-03-30 00:00:00

CVE-2015-2787

2015-03-30 00:00:00

fedora

[SECURITY] Fedora 21 Update: libzip-0.11.2-5.fc21

2015-04-21 19:28:27

[SECURITY] Fedora 22 Update: php-5.6.7-2.fc22

2015-03-26 22:08:56

[SECURITY] Fedora 22 Update: libzip-0.11.2-5.fc22

2015-04-17 02:29:38

prion

Integer overflow

2015-03-30 10:59:00

Integer overflow

2015-03-30 10:59:00

Design/Logic Flaw

2015-03-30 10:59:00

hackerone

Internet Bug Bounty: ZIP Integer Overflow leads to writing past heap boundary

2015-03-18 00:00:00

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

2015-02-03 00:00:00

checkpoint_advisories

PHP Group PHP ZIP Integer Overflow (CVE-2015-2331)

2015-04-14 00:00:00

archlinux

php: integer overflow

2015-03-28 00:00:00

clamav: multiple issues

2015-05-03 00:00:00

cve

CVE-2015-2331

2015-03-30 10:59:00

CVE-2015-2305

2015-03-30 10:59:00

CVE-2015-2787

2015-03-30 10:59:00

debiancve

CVE-2015-2331

2015-03-30 10:59:00

CVE-2015-2305

2015-03-30 10:59:00

K16831 : BSD regex library vulnerability CVE-2015-2305

2015-07-01 00:00:00

SOL16831 - BSD regex library vulnerability CVE-2015-2305

2015-07-01 00:00:00

SOL16714 - PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331

2015-06-08 00:00:00

veracode

Heap-based Buffer Overflow

2019-05-02 05:39:23

Remote Code Execution (RCE) Via Memory Corruption

2019-05-02 05:39:23

Memory Corruption

2019-05-02 05:39:23

ubuntu

PHP vulnerabilities

2015-04-20 00:00:00

ClamAV vulnerabilities

2015-05-05 00:00:00

debian

[SECURITY] [DSA 3198-2] php5 regression update

2015-03-28 18:47:31

[SECURITY] [DSA 3198-2] php5 regression update

2015-03-28 18:47:31

[SECURITY] [DSA 3198-1] php5 security update

2015-03-20 17:31:08

rosalinux

Advisory ROSA-SA-2021-1907

2021-07-02 17:26:08

securityvulns

[SECURITY] [DSA 3198-1] php5 security update

2015-03-21 00:00:00

PHP multiple security vulnerabilities

2015-03-21 00:00:00

[ MDVSA-2015:221 ] clamav

2015-05-04 00:00:00

osv

php5 - regression update

2015-03-20 00:00:00

php5 - security update

2015-03-20 00:00:00

php5 - security update

2015-04-29 00:00:00

slackware

[slackware-security] php

2015-04-22 01:22:40

suse

Security update for php5 (important)

2015-05-13 15:07:04

mageia

Updated clamav packages fix security vulnerabilities

2015-05-05 16:36:50

oraclelinux

php55 security and bug fix update

2016-02-04 00:00:00

php54 security and bug fix update

2016-02-04 00:00:00

php security update

2015-07-09 00:00:00

redhat

(RHSA-2015:1053) Moderate: php55 security and bug fix update

2015-06-04 00:00:00

(RHSA-2015:1066) Important: php54 security and bug fix update

2015-06-04 00:00:00

(RHSA-2015:1218) Moderate: php security update

2015-07-09 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)

2019-01-31 02:10:01

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php

2020-11-02 20:22:51

Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module

2019-01-31 02:25:02

centos

php security update

2015-07-09 19:23:41

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.953 High

EPSS

Percentile

99.3%

JSON

Related for MGASA-2015-0134