CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.4%
Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems (CVE-2015-2305). Integer overflow in zip extension in PHP before 5.5.23 leads to writing past heap boundary (CVE-2015-2331). Use after free vulnerability in unserialize() in PHP before 5.5.23 (CVE-2015-2787). PHP has been updated to version 5.5.23, which fixes these issues and other bugs. The php zip extension uses the libzip library, so it has been patched to fix CVE-2015-2331.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | php | < 5.5.23-1 | php-5.5.23-1.mga4 |
Mageia | 4 | noarch | php-apc | < 3.1.15-4.13 | php-apc-3.1.15-4.13.mga4 |
Mageia | 4 | noarch | libzip | < 0.11.2-1.1 | libzip-0.11.2-1.1.mga4 |