PHP Vulnerability: CVE-2015-2331
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | March 29, 2015 | April 26, 2015 | October 14, 2015 |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
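The bug class described above, shown as an added illustration that is not libzip or PHP source: an entry count multiplied by a record size wraps in a 32-bit size type, so the allocated buffer is far smaller than the count implies. The function names, the 16-byte record size, the 32-bit size model and the sample count are assumptions made for this example.

```c
/* Added illustration; a simplified model, not libzip or PHP source. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-entry record size in bytes (constructed value). */
#define ENTRY_SIZE 16u

/* Unchecked pattern, modelled with a 32-bit size type: the product
 * wraps modulo 2^32, so a large count yields a small byte size. */
uint32_t unchecked_alloc_size(uint64_t nentry, uint32_t elem_size)
{
    return (uint32_t)nentry * elem_size;
}

/* Hardened pattern: reject counts whose byte size cannot be
 * represented. Returns 0 and stores the size, or -1 on overflow. */
int checked_alloc_size(uint64_t nentry, uint32_t elem_size, uint32_t *out)
{
    if (elem_size == 0 || nentry > UINT32_MAX / elem_size)
        return -1;
    *out = (uint32_t)nentry * elem_size;
    return 0;
}

/* The same guard against the platform's real size_t before allocating. */
void *alloc_entries(uint64_t nentry, size_t elem_size)
{
    if (nentry == 0 || elem_size == 0 || nentry > SIZE_MAX / elem_size)
        return NULL;
    return malloc((size_t)nentry * elem_size);
}

int main(void)
{
    uint64_t nentry = 0x10000001ull;   /* constructed entry count */
    uint32_t size = 0;

    printf("unchecked: %llu entries -> %u bytes\n",
           (unsigned long long)nentry,
           (unsigned)unchecked_alloc_size(nentry, ENTRY_SIZE));
    if (checked_alloc_size(nentry, ENTRY_SIZE, &size) != 0)
        puts("checked: entry count rejected");
    return 0;
}
```

Code that later iterates over the declared entry count writes past the undersized buffer, which is the heap-based overflow the description refers to; the division-based guard rejects the count before any allocation happens.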
- DSA-3198-1 php5 -- security update
- FreeBSD: libzip -- integer overflow (CVE-2015-2331)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- Amazon Linux AMI: Security patch for php56 (ALAS-2015-508) (multiple CVEs)
- HP-UX: CVE-2015-2331: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-507) (multiple CVEs)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-506) (multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- OS X update for apache_mod_php (CVE-2015-2331)
- Oracle Solaris 11: CVE-2015-2331: Vulnerability in PHP