PHP Vulnerability: CVE-2015-4644
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 16, 2016 | June 03, 2016 | November 06, 2017 |
Description
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
php-upgrade-5_4_42Related Vulnerabilities
- SUSE: CVE-2015-4644: SUSE Linux Security Advisory
- FreeBSD: php5 -- multiple vulnerabilities (Multiple CVEs)
- DSA-3344-1 php5 -- security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-562) (multiple CVEs)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-561) (multiple CVEs)
- Amazon Linux AMI: Security patch for php56 (ALAS-2015-563) (multiple CVEs)
- ELSA-2015-1219 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php54-php security update
- RHSA-2015:1219: php54-php security update
- Gentoo Linux: CVE-2015-4644: PHP: Multiple vulnerabilities
- ELSA-2015-1186 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php55-php security update
- USN-2658-1: PHP vulnerabilities