Use-after-free Vulnerability Affecting PHP Products by The PHP Group
CVE-2015-2301
Currently unrated
Key Information:
- Vendor: Canonical
- CVE Published: 30 March 2015
What is CVE-2015-2301?
A use-after-free vulnerability in the phar_rename_archive function in phar_object.c, in PHP versions prior to 5.5.22 and 5.6.x before 5.6.6, enables remote attackers to cause a denial of service. The flaw occurs when the function attempts to rename a Phar archive to the name of an existing file, leading to undefined behavior and potential exploitation of the vulnerability.