CVE-2015-2301

Published: Mar 30, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.

Affected (17)

Products: Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Opensuse · +3 more

Show all products

Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Opensuse · Php: Php · Apple: Mac Os X · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Hpc Node Eus, Enterprise Linux Server, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

1 product

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Hpc Node Eus

Enterprise Linux Server

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Debian Debian Linux	Version 7.0
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	From 5.4.0 to 5.4.40
Php Php	From 5.5.0 to 5.5.22
Php Php	From 5.6.0 to 5.6.6

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.10.4

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Hpc Node Eus	Version 7.1
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Eus	Version 7.1
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (48)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=143403519711434&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=143748090628601&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=144050155601375&w=2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2015/03/15/6

Source: cve@mitre.org

ExploitMailing List

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1053.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1066.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1135.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1218.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3198

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:079

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/73037

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1031949

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2535-1

Source: cve@mitre.org

Third Party Advisory

https://bugs.php.net/bug.php?id=68901

Source: cve@mitre.org

ExploitVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1194747

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201606-10

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/HT205267

Source: cve@mitre.org

Third Party Advisory

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b