CVE-2015-2331

by Fred · 30/03/2015

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Date published : 2015-03-30

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5

CVE-2015-2331

Similar

Recent Posts

Categories

CVE-2015-2331

Share this:

Similar

Recent Posts

Categories

Tags