#VU16133 Off-by-one in PHP - CVE-2015-7804

Cybersecurity Help s.r.o.

Published: 2018-11-27

Vulnerability identifier: #VU16133

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-7804

CWE-ID: CWE-193

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14. A remote attacker can trigger uninitialized pointer dereference and cause the service to crash by including the / filename in a .zip PHAR archive.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.5.0 - 5.5.29, 5.6.0 - 5.6.13

External links
https://bugs.php.net/bug.php?id=70433

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for php

Ubuntu update for PHP