Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Published

2015-06-09T18:59:02.537

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	mac_os_x	≤ 10.6.8	Yes
Operating System	apple	mac_os_x	10.9.5	Yes
Operating System	apple	mac_os_x	10.10.0	Yes
Operating System	apple	mac_os_x	10.10.1	Yes
Operating System	apple	mac_os_x	10.10.2	Yes
Operating System	apple	mac_os_x	10.10.3	Yes
Operating System	apple	mac_os_x	10.10.4	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node_eus	7.1	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_eus	7.1	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	oracle	linux	6	Yes
Operating System	oracle	linux	7	Yes
Operating System	oracle	solaris	11.2	Yes
Application	php	php	≤ 5.4.39	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.1	Yes
Application	php	php	5.5.2	Yes
Application	php	php	5.5.3	Yes
Application	php	php	5.5.4	Yes
Application	php	php	5.5.5	Yes
Application	php	php	5.5.6	Yes
Application	php	php	5.5.7	Yes
Application	php	php	5.5.8	Yes
Application	php	php	5.5.9	Yes
Application	php	php	5.5.10	Yes
Application	php	php	5.5.11	Yes
Application	php	php	5.5.12	Yes
Application	php	php	5.5.13	Yes
Application	php	php	5.5.14	Yes
Application	php	php	5.5.18	Yes
Application	php	php	5.5.19	Yes
Application	php	php	5.5.20	Yes
Application	php	php	5.5.21	Yes
Application	php	php	5.5.22	Yes
Application	php	php	5.5.23	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.2	Yes
Application	php	php	5.6.3	Yes
Application	php	php	5.6.4	Yes
Application	php	php	5.6.5	Yes
Application	php	php	5.6.6	Yes
Application	php	php	5.6.7	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c ([email protected])
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html Mailing List, Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html Mailing List, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html ([email protected])
http://php.net/ChangeLog-5.php Patch ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1066.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1135.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1186.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1187.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1218.html ([email protected])
http://www.debian.org/security/2015/dsa-3280 ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/74240 ([email protected])
http://www.securitytracker.com/id/1032145 ([email protected])
http://www.ubuntu.com/usn/USN-2572-1 ([email protected])
https://bugs.php.net/bug.php?id=69441 Exploit, Patch ([email protected])
https://security.gentoo.org/glsa/201606-10 ([email protected])
https://support.apple.com/HT205267 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT205031 Third Party Advisory ([email protected])
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://php.net/ChangeLog-5.php Patch (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1066.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1135.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1186.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1187.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1218.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3280 (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74240 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032145 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2572-1 (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=69441 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201606-10 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205267 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT205031 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)