CVE-2015-4024

2015-06-0900:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.713 High

EPSS

Percentile

98.0%

JSON

Algorithmic complexity vulnerability in the multipart_buffer_headers
function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and
5.6.x before 5.6.9 allows remote attackers to cause a denial of service
(CPU consumption) via crafted form data that triggers an improper
order-of-growth outcome.

Bugs

<https://bugs.php.net/bug.php?id=69364>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.19UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.11UNKNOWN
ubuntu14.10noarchphp5< 5.5.12+dfsg-2ubuntu4.6UNKNOWN
ubuntu15.04noarchphp5< 5.6.4+dfsg-4ubuntu6.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	php5	< 5.3.10-1ubuntu3.19	UNKNOWN
ubuntu	14.04	noarch	php5	< 5.5.9+dfsg-1ubuntu4.11	UNKNOWN
ubuntu	14.10	noarch	php5	< 5.5.12+dfsg-2ubuntu4.6	UNKNOWN
ubuntu	15.04	noarch	php5	< 5.6.4+dfsg-4ubuntu6.2	UNKNOWN