#VU222 An out-of-bounds read error in mb_ereg_replace - mbc_to_code in PHP - CVE-2015-8935
Published: July 27, 2016 / Updated: August 13, 2016
Vulnerability identifier: #VU222
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-8935
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows a remote attacker to disclose potentially sensitive information.
The vulnerability exists due to mbc_to_code function performs oob access, if pattern is shorter than 6 characters. A remote unauthenticated attacker can cause an out-of-bounds read error in mb_ereg_replace - mbc_to_code.
Successful exploitation of this vulnerability may result in memory coruption and disclosure of memory contents.
The vulnerability exists due to mbc_to_code function performs oob access, if pattern is shorter than 6 characters. A remote unauthenticated attacker can cause an out-of-bounds read error in mb_ereg_replace - mbc_to_code.
Successful exploitation of this vulnerability may result in memory coruption and disclosure of memory contents.
Remediation
Install the latest version: (7.0.9).