// For flags

CVE-2015-2331

HP Security Bulletin HPSBUX03337 SSRT102066 1

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Desbordamiento de enteros en la función _zip_cdir_new en zip_dirent.c en libzip 0.11.2 y anteriores, utilizado en la extensión ZIP en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 y otros productos, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo ZIP que contiene muchas entradas, posteriormente conduciendo a un desbordamiento de buffer basado en memoria dinámica.

S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code. It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-18 CVE Reserved
  • 2015-03-23 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2025-07-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (21)
URL Date SRC
https://bugs.php.net/bug.php?id=69253 2024-08-06
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nih
Search vendor "Nih"
Libzip
Search vendor "Nih" for product "Libzip"
<= 0.11.2
Search vendor "Nih" for product "Libzip" and version " <= 0.11.2"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
<= 5.4.38
Search vendor "Php" for product "Php" and version " <= 5.4.38"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha1
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha2
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha3
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha4
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha5
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha6
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta1
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta2
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta3
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta4
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc1
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc2
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.1
Search vendor "Php" for product "Php" and version "5.5.1"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.2
Search vendor "Php" for product "Php" and version "5.5.2"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.3
Search vendor "Php" for product "Php" and version "5.5.3"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.4
Search vendor "Php" for product "Php" and version "5.5.4"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.5
Search vendor "Php" for product "Php" and version "5.5.5"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.6
Search vendor "Php" for product "Php" and version "5.5.6"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.7
Search vendor "Php" for product "Php" and version "5.5.7"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.8
Search vendor "Php" for product "Php" and version "5.5.8"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.9
Search vendor "Php" for product "Php" and version "5.5.9"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.10
Search vendor "Php" for product "Php" and version "5.5.10"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.11
Search vendor "Php" for product "Php" and version "5.5.11"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.12
Search vendor "Php" for product "Php" and version "5.5.12"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.13
Search vendor "Php" for product "Php" and version "5.5.13"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.14
Search vendor "Php" for product "Php" and version "5.5.14"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.15
Search vendor "Php" for product "Php" and version "5.5.15"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.16
Search vendor "Php" for product "Php" and version "5.5.16"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.17
Search vendor "Php" for product "Php" and version "5.5.17"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.18
Search vendor "Php" for product "Php" and version "5.5.18"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.19
Search vendor "Php" for product "Php" and version "5.5.19"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.20
Search vendor "Php" for product "Php" and version "5.5.20"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.21
Search vendor "Php" for product "Php" and version "5.5.21"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.5.22
Search vendor "Php" for product "Php" and version "5.5.22"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha1
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha2
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha3
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha4
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha5
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta1
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta2
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta3
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta4
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.1
Search vendor "Php" for product "Php" and version "5.6.1"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.2
Search vendor "Php" for product "Php" and version "5.6.2"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.3
Search vendor "Php" for product "Php" and version "5.6.3"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.4
Search vendor "Php" for product "Php" and version "5.6.4"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.5
Search vendor "Php" for product "Php" and version "5.6.5"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.6.6
Search vendor "Php" for product "Php" and version "5.6.6"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
22
Search vendor "Fedoraproject" for product "Fedora" and version "22"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected