ALAS-2015-535 --- php55
ID: oval:org.secpod.oval:def:1200186 | Date: (C)2015-12-29 (M)2024-02-19 |
Class: PATCH | Family: unix |
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
Platform: |
Amazon Linux AMI |