CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/82990 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVE-2015-8394
https://notcve.org/view.php?id=CVE-2015-8394
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las condiciones (?() y (? • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.securityfocus.com/bid/82990 https://bto.bluecoat.com/security-advisory/sa128 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://security.gentoo.org/glsa/201607-02 https://security.netapp.com/advisory/ntap-20230216-0002 • CWE-190: Integer Overflow or Wraparound •
CVE-2015-7804 – php: uninitialized pointer in phar_make_dirstream()
https://notcve.org/view.php?id=CVE-2015-7804
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. Error por un paso en la función phar_parse_zipfile en ext/phar/zip.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a un puntero no inicializado y caída de aplicación) incluyendo el nombre de archivo / en un archivo PHAR .zip. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76959 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=sla • CWE-189: Numeric Errors CWE-822: Untrusted Pointer Dereference •
CVE-2015-7803 – php: NULL pointer dereference in phar_get_fp_offset()
https://notcve.org/view.php?id=CVE-2015-7803
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. La función phar_get_entry_data en ext/phar/util.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un archivo .phar con una entrada de archivo TAR manipulada en la cual el indicador Link referencia a un archivo que no existe. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net& • CWE-476: NULL Pointer Dereference •
CVE-2015-6831 – php: Use After Free Vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. Múltiples vulnerabilidades de uso después de liberación de memoria en SPL en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permiten a atacantes remotos ejecutar código arbitrario involucrando vectores (1) ArrayObject, (2) SplObjectStorage y (3) SplDoublyLinkedList, los cuales no son manejados adecuadamente durante la deserialización. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/08/19/3 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76737 https://bugs.php.net/bug.php?id=70155 https://bugs.php.net/bug.php?id=70166 https://bugs.php.net/bug.php?id=70168 https://bugs.php.net/bug.php?id=70169 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6831 https://bugzilla.r • CWE-416: Use After Free •