CVE-2015-4022

Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 09 Jun 2015, 18:00
Last modified:06 Aug 2024, 06:04

Vulnerability Summary

Overall Risk (default)
medium
42/100
CVSS Score
7.5 HIGH
v2.0 (nvd)
EPSS Score
12.08% MEDIUM
12% probability -8.55%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

09 Jun 2015, 18:00
Published
Vulnerability first disclosed
06 Aug 2024, 06:04
Last Modified
Vulnerability information updated

Description

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

CVSS Metrics

  • v2.0HIGHScore: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 12.08% Percentile: 94%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • applemac_os_x

    ≤ 10.10.4

  • UnknownPHP

    ≤ 5.4.40 | 5.4.39 | 5.5.0 | 5.5.0:alpha1 | 5.5.0:alpha2 | 5.5.0:alpha3 | 5.5.0:alpha4 | 5.5.0:alpha5 | 5.5.0:alpha6 | 5.5.0:beta1 | 5.5.0:beta2 | 5.5.0:beta3 | 5.5.0:beta4 | 5.5.0:rc1 | 5.5.0:rc2 | 5.5.1 | 5.5.2 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6 | 5.5.7 | 5.5.8 | 5.5.9 | 5.5.10 | 5.5.11 | 5.5.12 | 5.5.13 | 5.5.14 | 5.5.18 | 5.5.19 | 5.5.20 | 5.5.21 | 5.5.22 | 5.5.23 | 5.5.24 | 5.6.0:alpha1 | 5.6.0:alpha2 | 5.6.0:alpha3 | 5.6.0:alpha4 | 5.6.0:alpha5 | 5.6.0:beta1 | 5.6.0:beta2 | 5.6.0:beta3 | 5.6.0:beta4 | 5.6.2 | 5.6.3 | 5.6.4 | 5.6.5 | 5.6.6 | 5.6.7 | 5.6.8

  • redhatenterprise_linux

    6.0 | 7.0

  • redhatenterprise_linux_desktop

    7.0

  • redhatenterprise_linux_hpc_node

    7.0

  • redhatenterprise_linux_hpc_node_eus

    7.1

  • redhatenterprise_linux_server

    7.0

  • redhatenterprise_linux_server_eus

    7.1

  • redhatenterprise_linux_workstation

    7.0

References (18)