Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2015-2301: use after free in phar_object.c

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.

CVE
#vulnerability#ubuntu#linux#dos#git#php

Sec Bug #68901

use after free in phar_object.c

Submitted:

2015-01-24 18:44 UTC

Modified:

2015-03-18 12:12 UTC

From:

bugreports at internot dot info

Assigned:

laruence (profile)

Status:

Closed

Package:

PHAR related

PHP Version:

5.5.21

OS:

Linux Ubuntu 14.04

Private report:

No

CVE-ID:

2015-2301

[2015-01-24 18:44 UTC] bugreports at internot dot info

Description:

Hi,

In /ext/phar/phar_object.c: 2131 newpath = oldpath; but then:

2142 efree(oldpath); 2143 zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, “phar \"%s\” exists and must be unlinked prior to conversion", newpath);

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-28 16:15 UTC] [email protected]

-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence

[2015-01-28 18:17 UTC] [email protected]

-Summary: use after free +Summary: use after free in phar_object.c

Related news

CVE-2016-5771: PHP: PHP 5 ChangeLog

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

CVE-2014-3479: PHP: PHP 5 ChangeLog

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907