CVE Vulnerabilities

CVE-2015-7803

Published: Dec 11, 2015 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
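
A pre-screening check for the condition described above, as an added example (not code from PHP or from this advisory page): it lists link entries in an uncompressed TAR archive whose target is not present in the archive. The function names and the sample archive are constructed for illustration, and treating symlink entries the same way as hard-link entries is an assumption.

```python
import io
import posixpath
import tarfile


def dangling_links(fileobj):
    """Return [(entry_name, linkname)] for link entries whose target is absent."""
    # Only headers are parsed here; nothing is extracted to disk.
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        members = tar.getmembers()
    present = {posixpath.normpath(m.name) for m in members}
    findings = []
    for m in members:
        if m.type == tarfile.LNKTYPE:
            # Hard-link targets are paths relative to the archive root.
            target = posixpath.normpath(m.linkname)
        elif m.type == tarfile.SYMTYPE:
            # Symlink targets are relative to the link's own directory;
            # an absolute target can never match an archive member.
            target = posixpath.normpath(
                posixpath.join(posixpath.dirname(m.name), m.linkname))
        else:
            continue
        if target not in present:
            findings.append((m.name, m.linkname))
    return findings


def build_sample(link_target):
    """Constructed sample: one regular file plus one hard-link entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        data = b"hello\n"
        reg = tarfile.TarInfo("docs/readme.txt")
        reg.size = len(data)
        tar.addfile(reg, io.BytesIO(data))
        link = tarfile.TarInfo("docs/alias.txt")
        link.type = tarfile.LNKTYPE
        link.linkname = link_target
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for target in ("docs/readme.txt", "docs/missing.txt"):
        print(target, "->", dangling_links(build_sample(target)))
```

A check like this can run on uploaded archives before they reach a PHP version older than 5.5.30 or 5.6.14; upgrading remains the fix.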

Affected Software

Name  Vendor  Start Version  End Version
Php   Php     5.6.1          5.6.1
Php   Php     5.6.5          5.6.5
Php   Php     5.6.12         5.6.12
Php   Php     5.6.13         5.6.13
Php   Php     5.6.4          5.6.4
Php   Php     5.6.6          5.6.6
Php   Php     5.6.11         5.6.11
Php   Php     5.6.2          5.6.2
Php   Php     5.6.10         5.6.10
Php   Php     5.6.7          5.6.7
Php   Php     5.6.9          5.6.9
Php   Php     5.6.3          5.6.3
Php   Php     5.6.8          5.6.8
Php   Php     *              5.5.29

References