CVE-2015-2331 — Integer Overflow or Wraparound in Libzip

CWE-189 CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

7.5HIGHNVD

EPSS

42.7%

top 2.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libzip Debian Libzip NIH Libzip +5 more

Timeline

PublishedMar 30

Latest updateMay 14

Description

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶debiandebian/libzip< libzip 0.11.2-1.2 (bookworm)

▶Debianlibzip/libzip< 0.11.2-1.2+3

▶NVDnih/libzip0.11.2

▶NVDphp/php5.4.38+30

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 7.0, Fedora 22

🔴Vulnerability Details

GHSA

GHSA-wfcw-88hm-m2xm: Integer overflow in the _zip_cdir_new function in zip_dirent↗2022-05-14

▶

OSV

CVE-2015-2331: Integer overflow in the _zip_cdir_new function in zip_dirent↗2015-03-30

▶

VulnCheck

PHP ZIP Extension _zip_cdir_new Integer Overflow↗2015

▶

📋Vendor Advisories

Red Hat

libzip: integer overflow when processing ZIP archives↗2015-03-18

▶

Debian

CVE-2015-2331: libzip - Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 ...↗2015

▶

Apple

CVE-2015-2331: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives [fedora-all]↗2015-03-23

▶

Bugzilla

CVE-2015-2331 libzip: integer overflow when processing ZIP archives↗2015-03-23

▶

Bugzilla

CVE-2015-2331 mingw-libzip: php: libzip: integer overflow when processing ZIP archives [fedora-all]↗2015-03-23

▶