// For flags

CVE-2015-2331

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Desbordamiento de enteros en la función _zip_cdir_new en zip_dirent.c en libzip 0.11.2 y anteriores, utilizado en la extensión ZIP en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 y otros productos, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo ZIP que contiene muchas entradas, posteriormente conduciendo a un desbordamiento de buffer basado en memoria dinámica.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-18 CVE Reserved
  • 2015-03-23 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-09-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (21)
URL Tag Source
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 X_refsource_confirm
http://php.net/ChangeLog-5.php X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html X_refsource_confirm
http://www.securitytracker.com/id/1031985 Vdb Entry
https://support.apple.com/HT205267 X_refsource_confirm
URL Date SRC
https://bugs.php.net/bug.php?id=69253 2024-08-06
URL Date SRC
URL Date SRC
http://hg.nih.at/libzip/rev/9f11d54f692e 2023-11-07
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html 2023-11-07
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html 2023-11-07
http://marc.info/?l=bugtraq&m=143403519711434&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=143748090628601&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050155601375&w=2 2023-11-07
http://www.debian.org/security/2015/dsa-3198 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nih
Search vendor "Nih"
 Libzip
Search vendor "Nih" for product "Libzip"
 <= 0.11.2
Search vendor "Nih" for product "Libzip" and version " <= 0.11.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 <= 5.4.38
Search vendor "Php" for product "Php" and version " <= 5.4.38"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha5
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha6
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.1
Search vendor "Php" for product "Php" and version "5.5.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.2
Search vendor "Php" for product "Php" and version "5.5.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.3
Search vendor "Php" for product "Php" and version "5.5.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.4
Search vendor "Php" for product "Php" and version "5.5.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.5
Search vendor "Php" for product "Php" and version "5.5.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.6
Search vendor "Php" for product "Php" and version "5.5.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.7
Search vendor "Php" for product "Php" and version "5.5.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.8
Search vendor "Php" for product "Php" and version "5.5.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.9
Search vendor "Php" for product "Php" and version "5.5.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.10
Search vendor "Php" for product "Php" and version "5.5.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.11
Search vendor "Php" for product "Php" and version "5.5.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.12
Search vendor "Php" for product "Php" and version "5.5.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.13
Search vendor "Php" for product "Php" and version "5.5.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.14
Search vendor "Php" for product "Php" and version "5.5.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.15
Search vendor "Php" for product "Php" and version "5.5.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.16
Search vendor "Php" for product "Php" and version "5.5.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.17
Search vendor "Php" for product "Php" and version "5.5.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.18
Search vendor "Php" for product "Php" and version "5.5.18"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.19
Search vendor "Php" for product "Php" and version "5.5.19"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.20
Search vendor "Php" for product "Php" and version "5.5.20"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.21
Search vendor "Php" for product "Php" and version "5.5.21"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.22
Search vendor "Php" for product "Php" and version "5.5.22"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha5
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.1
Search vendor "Php" for product "Php" and version "5.6.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.2
Search vendor "Php" for product "Php" and version "5.6.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.3
Search vendor "Php" for product "Php" and version "5.6.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.4
Search vendor "Php" for product "Php" and version "5.6.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.5
Search vendor "Php" for product "Php" and version "5.6.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.6
Search vendor "Php" for product "Php" and version "5.6.6"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 22
Search vendor "Fedoraproject" for product "Fedora" and version "22"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected