CVE-2015-2301
published 2015-03-30
high 7.5 CVSS 3.1
AV:N/AC:L/Au:N/C:P/I:P/A:P
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.10.4 | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| php | php | >= 5.4.0 < 5.4.40 | 5.4.40 |
| php | php | >= 5.5.0 < 5.5.22 | 5.5.22 |
| php | php | >= 5.6.0 < 5.6.6 | 5.6.6 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.7 | 5.5.9+dfsg-1ubuntu4.7 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
osv 7.5 HIGH