CVE-2015-2331

Published: Mar 30, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Affected (56)

Products: Nih: Libzip · Php: Php · Debian: Debian Linux · +2 more

Show all products

Nih: Libzip · Php: Php · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Opensuse

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nih Libzip	Up to 0.11.2

Configuration B

51 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.4.38
Php Php	Version 5.5.0
Php Php	Version 5.5.0 alpha1
Php Php	Version 5.5.0 alpha2
Php Php	Version 5.5.0 alpha3
Php Php	Version 5.5.0 alpha4
Php Php	Version 5.5.0 alpha5
Php Php	Version 5.5.0 alpha6
Php Php	Version 5.5.0 beta1
Php Php	Version 5.5.0 beta2
Php Php	Version 5.5.0 beta3
Php Php	Version 5.5.0 beta4
Php Php	Version 5.5.0 rc1
Php Php	Version 5.5.0 rc2
Php Php	Version 5.5.10
Php Php	Version 5.5.11
Php Php	Version 5.5.12
Php Php	Version 5.5.13
Php Php	Version 5.5.14
Php Php	Version 5.5.15
Php Php	Version 5.5.16
Php Php	Version 5.5.17
Php Php	Version 5.5.18
Php Php	Version 5.5.19
Php Php	Version 5.5.1
Php Php	Version 5.5.20
Php Php	Version 5.5.21
Php Php	Version 5.5.22
Php Php	Version 5.5.2
Php Php	Version 5.5.3
Php Php	Version 5.5.4
Php Php	Version 5.5.5
Php Php	Version 5.5.6
Php Php	Version 5.5.7
Php Php	Version 5.5.8
Php Php	Version 5.5.9
Php Php	Version 5.6.0 alpha1
Php Php	Version 5.6.0 alpha2
Php Php	Version 5.6.0 alpha3
Php Php	Version 5.6.0 alpha4
Php Php	Version 5.6.0 alpha5
Php Php	Version 5.6.0 beta1
Php Php	Version 5.6.0 beta2
Php Php	Version 5.6.0 beta3
Php Php	Version 5.6.0 beta4
Php Php	Version 5.6.1
Php Php	Version 5.6.2
Php Php	Version 5.6.3
Php Php	Version 5.6.4
Php Php	Version 5.6.5
Php Php	Version 5.6.6

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Fedoraproject Fedora	Version 22
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

References (42)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

Source: cve@mitre.org

http://hg.nih.at/libzip/rev/9f11d54f692e

Source: cve@mitre.org

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=143403519711434&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=143748090628601&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=144050155601375&w=2

Source: cve@mitre.org

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3198

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:079

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: cve@mitre.org

http://www.securitytracker.com/id/1031985

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=69253

Source: cve@mitre.org

Exploit

https://support.apple.com/HT205267

Source: cve@mitre.org

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

Source: af854a3a-2127-422b-91ae-364da2661108

http://hg.nih.at/libzip/rev/9f11d54f692e

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=143403519711434&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=143748090628601&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=144050155601375&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3198

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:079

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031985

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=69253

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://support.apple.com/HT205267

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.