CVE-2015-7803

Published: Dec 11, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

Affected (15)

Products: Php: Php · Apple: Mac Os X

1 product

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.5.29
Php Php	Version 5.6.10
Php Php	Version 5.6.11
Php Php	Version 5.6.12
Php Php	Version 5.6.13
Php Php	Version 5.6.1
Php Php	Version 5.6.2
Php Php	Version 5.6.3
Php Php	Version 5.6.4
Php Php	Version 5.6.5
Php Php	Version 5.6.6
Php Php	Version 5.6.7
Php Php	Version 5.6.8
Php Php	Version 5.6.9

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.11.1

References (28)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html

Source: secalert@redhat.com

http://www.debian.org/security/2015/dsa-3380

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/10/05/8

Source: secalert@redhat.com

http://www.php.net/ChangeLog-5.php

Source: secalert@redhat.com

http://www.securityfocus.com/bid/76959

Source: secalert@redhat.com

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2786-1

Source: secalert@redhat.com

https://bugs.php.net/bug.php?id=69720

Source: secalert@redhat.com

Vendor Advisory

https://security.gentoo.org/glsa/201606-10

Source: secalert@redhat.com

https://support.apple.com/HT205637

Source: secalert@redhat.com

Vendor Advisory

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3380

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/10/05/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/76959

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2786-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=69720

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201606-10

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT205637

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.