CVE-2015-4024Inefficient Algorithmic Complexity in Apple MAC OS X

CWE-399CWE-407Inefficient Algorithmic Complexity10 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
75.5%
top 1.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Php5Apple MAC OS XHP System Management Homepage+10 more
Timeline
PublishedJun 9
Latest updateMay 13

Description

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages10 packages

Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.11
NVDphp/php5.4.40+31
NVDapple/mac_os_x10.10.4
NVDoracle/linux6, 7+1

Also affects: Enterprise Linux 6.0, 7.0, 7.1

Patches

Patch: php.netPatch: bugs.php.netPatch: php.net

🔴Vulnerability Details

3
GHSA
GHSA-92mh-q8c5-wgqv: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc18672022-05-13
CVEList
CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc18672015-06-09
OSV
CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc18672015-06-09

💥Exploits & PoCs

1
Nuclei
WordPress Candidate Application Form <= 1.3 - Local File Inclusion

📋Vendor Advisories

3
Ubuntu
PHP vulnerabilities2015-07-06
Red Hat
php: multipart/form-data request parsing CPU usage DoS2015-05-14
Apple
CVE-2015-4024: OS X Yosemite v10.10.5 and Security Update 2015-006

💬Community

2
Bugzilla
CVE-2015-4024 php: PHP Multipart/form-data remote dos Vulnerability [fedora-all]2015-05-20
Bugzilla
CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS2015-05-18
CVE-2015-4024 — Inefficient Algorithmic Complexity | cvebase