PHP Vulnerability: CVE-2015-4643
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 16, 2016 | June 03, 2016 | January 08, 2018 |
Description
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
php-upgrade-5_4_42Related Vulnerabilities
- FreeBSD: php5 -- multiple vulnerabilities (Multiple CVEs)
- Cent OS: CVE-2015-4643: CESA-2015:1135 (php)
- DSA-3344-1 php5 -- security update
- RHSA-2015:1135: php security and bug fix update
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-562) (multiple CVEs)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-561) (multiple CVEs)
- RHSA-2015:1218: php security update
- Gentoo Linux: CVE-2015-4643: PHP: Multiple vulnerabilities
- Amazon Linux AMI: Security patch for php56 (ALAS-2015-563) (multiple CVEs)
- ELSA-2015-1219 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php54-php security update
- SUSE: CVE-2015-4643: SUSE Linux Security Advisory
- RHSA-2015:1219: php54-php security update
- ELSA-2015-1186 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php55-php security update
- USN-2658-1: PHP vulnerabilities