Heap-based buffer overflow in SUSE products - CVE-2015-2331
Published: March 30, 2015 / Updated: August 9, 2020
Vulnerability identifier: #VU40861
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-2331
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
Debian Linux
Fedora
Opensuse
PHP
Debian Linux
Fedora
Opensuse
Software vendor:
PHP Group
Debian
Fedoraproject
SUSE
PHP Group
Debian
Fedoraproject
SUSE
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products,. A remote attacker can use a ZIP archive that contains many entries to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
External links
- http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
- http://hg.nih.at/libzip/rev/9f11d54f692e
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
- http://marc.info/?l=bugtraq&m=143403519711434&w=2
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://php.net/ChangeLog-5.php
- http://www.debian.org/security/2015/dsa-3198
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securitytracker.com/id/1031985
- https://bugs.php.net/bug.php?id=69253
- https://support.apple.com/HT205267