CVE-2015-7803 — NULL Pointer Dereference in Apple MAC OS X

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

26.5%

top 3.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php5 Apple MAC OS X PHP +1 more

Timeline

PublishedDec 11

Latest updateMay 17

Description

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.14

▶NVDphp/php5.5.29+13

▶NVDapple/mac_os_x10.11.1

▶Appleapple/os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20

🔴Vulnerability Details

GHSA

GHSA-xcr5-h66f-mcfq: The phar_get_entry_data function in ext/phar/util↗2022-05-17

▶

OSV

php5 vulnerabilities↗2015-10-28

▶

OSV

CVE-2015-7803: The phar_get_entry_data function in ext/phar/util↗2015-10-12

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2015-10-28

▶

Red Hat

php: NULL pointer dereference in phar_get_fp_offset()↗2015-10-01

▶

Apple

CVE-2015-7803: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks↗

▶

💬Community

Bugzilla

CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset()↗2015-10-13

▶