Description

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

Remediation

References

CVE-2015-2783

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2002-2103)

Oracle Application Server Other Vulnerability (CVE-2004-1365)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.11)

Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4280)

Severity

Medium

Classification

CVE-2015-2783 CWE-119

Tags

Missing Update Known Vulnerabilities