Lucene search

[email protected]NVD:CVE-2015-0273

HistoryMar 30, 2015 - 10:59 a.m.

CVE-2015-0273

2015-03-3010:59:06

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.

Affected configurations

NVD

Node

phpphpRange≤5.4.37

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.15

phpphpMatch5.5.16

phpphpMatch5.5.17

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=71335e6ebabc1b12c057d8017fd811892ecdfd24

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html

marc.info/?l=bugtraq&m=143403519711434&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1053.html

rhn.redhat.com/errata/RHSA-2015-1066.html

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1218.html

support.apple.com/kb/HT204942

www.debian.org/security/2015/dsa-3195

www.mandriva.com/security/advisories?name=MDVSA-2015:079

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/72701

www.securitytracker.com/id/1031945

www.ubuntu.com/usn/USN-2535-1

bugs.php.net/bug.php?id=68942

bugzilla.redhat.com/show_bug.cgi?id=1194730

security.gentoo.org/glsa/201606-10

support.apple.com/HT205267

support.apple.com/HT205375

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON

CVE-2015-0273

Affected configurations

References

Related