Lucene search

[email protected]NVD:CVE-2015-2331

HistoryMar 30, 2015 - 10:59 a.m.

CVE-2015-2331

2015-03-3010:59:12

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.953 High

EPSS

Percentile

99.4%

JSON

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Affected configurations

NVD

Node

nihlibzipRange≤0.11.2

Node

phpphpRange≤5.4.38

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.15

phpphpMatch5.5.16

phpphpMatch5.5.17

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

Node

debiandebian_linuxMatch7.0

fedoraprojectfedoraMatch22

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

hg.nih.at/libzip/rev/9f11d54f692e

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html

lists.opensuse.org/opensuse-updates/2015-03/msg00083.html

lists.opensuse.org/opensuse-updates/2015-04/msg00002.html

marc.info/?l=bugtraq&m=143403519711434&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

php.net/ChangeLog-5.php

www.debian.org/security/2015/dsa-3198

www.mandriva.com/security/advisories?name=MDVSA-2015:079

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.securitytracker.com/id/1031985

bugs.php.net/bug.php?id=69253

support.apple.com/HT205267

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.953 High

EPSS

Percentile

99.4%

JSON

Related for NVD:CVE-2015-2331

freebsd2 openvas21 fedora9 prion1 hackerone1 cvelist1 nessus29 ubuntucve1 checkpoint_advisories1 cve1 archlinux1 debiancve1 osv3 f52 rosalinux2 debian4 securityvulns5 amazon3 kaspersky2 mageia1 slackware1 cloudlinux1