KLA10514
Multiple vulnerabilities in PHP and plugins
Updated: 06/17/2019
Detect date
?
03/30/2015
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.

Below is a complete list of vulnerabilities

  1. Multiple use-after-free vulnerabilities can be exploited remotely via a specially designed call and input and vectors related to Phar archives renaming and;
  2. Improper pathname truncation can be exploited remotely via a specailly designed arguments;
  3. Integer overflow vulnerability can be exploited remotely via a specially designed ZIP archive;
  4. An unknown vulnerability can be exploited remotely via a specially designed GIF image or ELF file;
  5. Heap-based buffer overflow can be exploited remotely via vectors related to dictionaries;
  6. Improper string-length handling can be exploited remotely via a specially designed files.
Affected products

PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

Solution

Update to the latest version
Get PHP

Original advisories

PHP changelog

Impacts
?
ACE 
[?]

DoS 
[?]

CI 
[?]

SB 
[?]
Related products
PHP
CVE-IDS
?
CVE-2015-27877.5Critical
CVE-2015-23485.0Critical
CVE-2015-23317.5Critical
CVE-2015-23017.5Critical
CVE-2015-13517.5Critical
CVE-2015-02737.5Critical
CVE-2014-97095.0Critical
CVE-2014-97057.5Critical
CVE-2014-96537.5Critical
CVE-2014-96525.0Critical