Multiple vulnerabilities in PHP and plugins

Описание

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.

Below is a complete list of vulnerabilities

1. Multiple use-after-free vulnerabilities can be exploited remotely via a specially designed call and input and vectors related to Phar archives renaming and;
2. Improper pathname truncation can be exploited remotely via a specailly designed arguments;
3. Integer overflow vulnerability can be exploited remotely via a specially designed ZIP archive;
4. An unknown vulnerability can be exploited remotely via a specially designed GIF image or ELF file;
5. Heap-based buffer overflow can be exploited remotely via vectors related to dictionaries;
6. Improper string-length handling can be exploited remotely via a specially designed files.

Первичный источник обнаружения

• PHP changelog
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• PHP

Список CVE

• CVE-2015-2787
  high
• CVE-2015-2348
  warning
• CVE-2015-2331
  high
• CVE-2015-2301
  high
• CVE-2015-1351
  high
• CVE-2015-0273
  high
• CVE-2014-9709
  warning
• CVE-2014-9705
  high
• CVE-2014-9653
  high
• CVE-2014-9652
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com