Lucene search

[email protected]NVD:CVE-2015-3329

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-3329

2015-06-0918:59:02

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.615 Medium

EPSS

Percentile

97.8%

JSON

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Affected configurations

NVD

Node

applemac_os_xRange≤10.6.8

applemac_os_xMatch10.9.5

applemac_os_xMatch10.10.0

applemac_os_xMatch10.10.1

applemac_os_xMatch10.10.2

applemac_os_xMatch10.10.3

applemac_os_xMatch10.10.4

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

oraclelinuxMatch6

oraclelinuxMatch7

oraclesolarisMatch11.2

Node

phpphpRange≤5.4.39

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1066.html

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

rhn.redhat.com/errata/RHSA-2015-1218.html

www.debian.org/security/2015/dsa-3280

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/74240

www.securitytracker.com/id/1032145

www.ubuntu.com/usn/USN-2572-1

bugs.php.net/bug.php?id=69441

security.gentoo.org/glsa/201606-10

support.apple.com/HT205267

support.apple.com/kb/HT205031

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.615 Medium

EPSS

Percentile

97.8%

JSON

Related for NVD:CVE-2015-3329

cve1 f52 prion1 ubuntucve1 hackerone1 cvelist1 checkpoint_advisories1 openvas25 suse3 mageia1 securityvulns7 amazon3 nessus36 fedora2 ubuntu1 debian2 osv2 veracode19 redhat5 oraclelinux4 centos2 gentoo1 rosalinux1