fkie_nvd - fkie_cve-2015-3329

fkie_cve-2015-3329

Vulnerability from fkie_nvd

Published

2015-06-09 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

References

URL	Tags
cve@mitre.org	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Mailing List, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Mailing List, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
cve@mitre.org	http://php.net/ChangeLog-5.php	Patch
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1066.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1135.html	Third Party Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1186.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1187.html	Third Party Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1218.html
cve@mitre.org	http://www.debian.org/security/2015/dsa-3280
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74240
cve@mitre.org	http://www.securitytracker.com/id/1032145
cve@mitre.org	http://www.ubuntu.com/usn/USN-2572-1
cve@mitre.org	https://bugs.php.net/bug.php?id=69441	Exploit, Patch
cve@mitre.org	https://security.gentoo.org/glsa/201606-10
cve@mitre.org	https://support.apple.com/HT205267	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT205031	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://php.net/ChangeLog-5.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1066.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1135.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1186.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1187.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1218.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3280
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74240
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032145
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2572-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=69441	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-10
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205267	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT205031	Third Party Advisory

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.9.5
apple	mac_os_x	10.10.0
apple	mac_os_x	10.10.1
apple	mac_os_x	10.10.2
apple	mac_os_x	10.10.3
apple	mac_os_x	10.10.4
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.1
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	7.1
redhat	enterprise_linux_workstation	7.0
oracle	linux	6
oracle	linux	7
oracle	solaris	11.2
php	php	*
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.1
php	php	5.5.2
php	php	5.5.3
php	php	5.5.4
php	php	5.5.5
php	php	5.5.6
php	php	5.5.7
php	php	5.5.8
php	php	5.5.9
php	php	5.5.10
php	php	5.5.11
php	php	5.5.12
php	php	5.5.13
php	php	5.5.14
php	php	5.5.18
php	php	5.5.19
php	php	5.5.20
php	php	5.5.21
php	php	5.5.22
php	php	5.5.23
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.2
php	php	5.6.3
php	php	5.6.4
php	php	5.6.5
php	php	5.6.6
php	php	5.6.7
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A0EBC0-73C1-4640-90AD-4371D1C0D09F",
              "versionEndIncluding": "10.6.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A4AE53-A477-4386-887C-4B7408575C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "831B1114-7CA7-43E3-9A15-592218060A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1228E622-0524-4254-BA07-6EED39637EA4",
              "versionEndIncluding": "5.4.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC63A449-5D92-4F5F-8186-B58FFFBA54FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18236F6-2065-4A6A-93E7-FD90E650C689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFBA84A-A4E4-438B-B9B5-8549809DCECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "146D3DC9-50F4-430B-B321-68ECE78879A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5A7CA6-7653-46C5-8DF7-95584BF7A879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "54ADECFC-3C07-43BC-B296-6C25AC7F1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "FE192054-2FBB-4388-A52A-422E20DEA2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "F0195D48-3B42-4AC0-B9C5-436E01C63879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "1A7C00EB-87B7-4EB7-A4AC-8665D8C78467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "21BFCF10-786A-4D1E-9C37-50A1EC6056F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "95A6D6C8-5F46-4897-A0B0-778631E8CE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE1289F-03A6-4621-B387-5F5ADAC4AE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "383697F5-D29E-475A-84F3-46B54A928889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "786ED182-5D71-4197-9196-12AB5CF05F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basado en pila en la funci\u00f3n phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor de longitud manipulado en un archivo (1) tar, (2) phar, o (3) ZIP."
    }
  ],
  "id": "CVE-2015-3329",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-09T18:59:02.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3280"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2572-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugs.php.net/bug.php?id=69441"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201606-10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2572-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugs.php.net/bug.php?id=69441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201606-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-3329 (GCVE-0-2015-3329)

Vulnerability from cvelistv5

Published

2015-06-09 18:00