Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-2331
HistoryMar 30, 2015 - 12:00 a.m.

CVE-2015-2331

2015-03-3000:00:00
ubuntu.com
ubuntu.com
21

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.951

Percentile

99.4%

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip
0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39,
5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a ZIP archive that contains many
entries, leading to a heap-based buffer overflow.

Bugs

Notes

Author Note
mdeslaur libzip in trusty and earlier doesn’t support ZIP64, so doesn’t look vulnerable. php5 in utopic and earlier doesn’t support ZIP64 either.
sbeattie fixed in libzip 1.0 release
OSVersionArchitecturePackageVersionFilename
ubuntu15.04noarchphp5< 5.6.4+dfsg-4ubuntu4UNKNOWN
ubuntu15.10noarchphp5< 5.6.4+dfsg-4ubuntu4UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.951

Percentile

99.4%