ALAS-2015-602 --- php55ID: oval:org.secpod.oval:def:1200156 | Date: (C)2016-01-04 (M)2024-04-17 |
Class: PATCH | Family: unix |
As reported upstream, A NULL pointer dereference flaw was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute arbitrary code remotely. A use-after-free vulnerability was found in session deserializer. When session deserializer is deserializing multiple data, it will call php_var_unserialize multiple times. We can create ZVAL and free it via the php_var_unserialize with a crafted serialized string. Then the next call php_var_unserialize will still allow to use R: or r: to set references to that already freed memory. It is possible to use-after-free attack and execute arbitrary code remotely. As reported upstream, an uninitialized pointer use flaw was found in the phar_make_dirstream function of PHP"s Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name "/ZIP" could cause a PHP application function to crash
Platform: |
Amazon Linux AMI |