CVE-2015-2325 – pcre: heap buffer overflow in compile_branch()
https://notcve.org/view.php?id=CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. La función compile_branch en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar código incorrecto, causar una denegación de servicio (lectura de la pila fuera de límites y bloqueo) o posiblemente tener otro impacto no especificado por medio de una expresión regular con un grupo que contiene una referencia directa repetida una gran número de veces dentro de un grupo externo repetido que posee un cuantificador mínimo cero. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html https://bugs.exim.org/show_bug.cgi?id=1591 https://fortiguard.com/zeroday/FG-VD-15-015 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2015-2325 https://bugzilla.redhat.com/show_bug.cgi?id=1207198 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2015-2326 – pcre: heap buffer over-read in pcre_compile2() (8.37/23)
https://notcve.org/view.php?id=CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". La función pcre_compile2 en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar código incorrecto y causar una denegación de servicio (lectura fuera de límites) mediante una expresión regular con un grupo que contiene una llamada de subrutina de referencia directa y una referencia inversa recursiva, como es demostrado por "((? +1)(\1))/". • http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html https://bugs.exim.org/show_bug.cgi?id=1592 https://fortiguard.com/zeroday/FG-VD-15-016 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2015-2326 https://bugzilla.redhat.com/show_bug.cgi?id=1207202 • CWE-125: Out-of-bounds Read •
CVE-2015-4021 – php: memory corruption in phar_parse_tarfile caused by empty entry file name
https://notcve.org/view.php?id=CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. La función phar_parse_tarfile en ext/phar/tar.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 no verifica que el primer caracter de un nombre de fichero es diferente al caracter \0, lo que permite a atacantes remotos causar una denegación de servicio (desbordamientos de enteros y corrupción de memoria) a través de una entrada manipulada en un archivo tar. An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015 • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVE-2015-4022 – php: integer overflow leading to heap overflow when reading FTP file listing
https://notcve.org/view.php?id=CVE-2015-4022
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. Desbordamiento de enteros en la función ftp_genlist en ext/ftp/ftp.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permite a servidores FTP remotos ejecutar código arbitrario a través de una contestación larga a un comando LIST, que conduce a un desbordamiento de buffer basado en memoria dinámica. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de datos de formularios manipulados que provocan un resultado de orden de crecimiento incorrecto. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •