Use-after-free Vulnerability Affecting PHP Products by The PHP Group
CVE-2015-2301
Currently unrated
Key Information:
- Vendor: Canonical
- Vendor
- CVE Published: 30 March 2015
Summary
A use-after-free vulnerability in the phar_rename_archive function in phar_object.c, in PHP versions prior to 5.5.22 and 5.6.x before 5.6.6, enables remote attackers to cause a denial of service. The flaw is triggered when the function attempts to rename a Phar archive to the name of an existing file, leading to undefined behavior and potential exploitation.
EPSS Score
17% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved