Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-265
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.4.42",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
},
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.6.10",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
},
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.5.26",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
},
{
"name": "CVE-2015-2325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2325"
},
{
"name": "CVE-2015-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
},
{
"name": "CVE-2015-2326",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2326"
},
{
"name": "CVE-2015-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
},
{
"name": "CVE-2015-4643",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4643"
},
{
"name": "CVE-2015-4642",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4642"
},
{
"name": "CVE-2015-4644",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4644"
}
],
"initial_release_date": "2015-06-24T00:00:00",
"last_revision_date": "2015-06-24T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-265",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP du 11 juin 2015",
"url": "http://www.php.net/ChangeLog-5.php#5.6.10"
}
]
}
CVE-2015-3415 (GCVE-0-2015-3415)
Vulnerability from cvelistv5
Published
2015-04-24 17:00
Modified
2024-08-06 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0\u0026O\u003eO) in a CREATE TABLE statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0\u0026O\u003eO) in a CREATE TABLE statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30",
"refsource": "CONFIRM",
"url": "https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30"
},
{
"name": "MDVSA-2015:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3415",
"datePublished": "2015-04-24T17:00:00",
"dateReserved": "2015-04-24T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3416 (GCVE-0-2015-3416)
Vulnerability from cvelistv5
Published
2015-04-24 17:00
Modified
2024-08-06 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1634",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1634.html"
},
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:1634",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1634.html"
},
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1634",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1634.html"
},
{
"name": "RHSA-2015:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920",
"refsource": "CONFIRM",
"url": "http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "MDVSA-2015:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3416",
"datePublished": "2015-04-24T17:00:00",
"dateReserved": "2015-04-24T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4642 (GCVE-0-2015-4642)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "75290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75290"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "75290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75290"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "75290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75290"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=69646",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69646"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-4642",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-06-18T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4643 (GCVE-0-2015-4643)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69545"
},
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "75291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75291"
},
{
"name": "RHSA-2015:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"name": "RHSA-2015:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:1187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69545"
},
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "75291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75291"
},
{
"name": "RHSA-2015:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"name": "RHSA-2015:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1187",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name": "https://bugs.php.net/bug.php?id=69545",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69545"
},
{
"name": "1032709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "75291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75291"
},
{
"name": "RHSA-2015:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"name": "RHSA-2015:1218",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-4643",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-06-18T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3414 (GCVE-0-2015-3414)
Vulnerability from cvelistv5
Published
2015-04-24 17:00
Modified
2024-08-06 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2"
},
{
"name": "MDVSA-2015:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1635.html"
},
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "74228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74228"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "GLSA-201507-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-05"
},
{
"name": "USN-2698-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2698-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2",
"refsource": "CONFIRM",
"url": "https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2"
},
{
"name": "MDVSA-2015:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:217"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "DSA-3252",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3252"
},
{
"name": "20150414 several issues in SQLite (+ catching up on several other bugs)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/31"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3414",
"datePublished": "2015-04-24T17:00:00",
"dateReserved": "2015-04-24T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2325 (GCVE-0-2015-2325)
Vulnerability from cvelistv5
Published
2020-01-14 16:46
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:46:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1591",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=1591"
},
{
"name": "https://www.pcre.org/original/changelog.txt",
"refsource": "CONFIRM",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-015",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2325",
"datePublished": "2020-01-14T16:46:55",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4644 (GCVE-0-2015-4644)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"name": "75292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:1187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name": "1032709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"name": "75292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1187",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name": "1032709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "DSA-3344",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3344"
},
{
"name": "75292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75292"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/18/6"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=69667",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69667"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-4644",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-06-18T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2326 (GCVE-0-2015-2326)
Vulnerability from cvelistv5
Published
2020-01-14 16:46
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:46:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1592",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=1592"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html"
},
{
"name": "https://www.pcre.org/original/changelog.txt",
"refsource": "CONFIRM",
"url": "https://www.pcre.org/original/changelog.txt"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-016",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2326",
"datePublished": "2020-01-14T16:46:57",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…