Upstream information
Description
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
SUSE information
Overall state of this security issue: Does not affect SUSE products
Metric | National Vulnerability Database | SUSE |
---|---|---|
Base Score | 6.4 | 4.3 |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network | Network |
Access Complexity | Low | Medium |
Authentication | None | None |
Confidentiality Impact | Partial | None |
Integrity Impact | None | None |
Availability Impact | Partial | Partial |
Metric | National Vulnerability Database |
---|---|
Base Score | 8.2 |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | None |
Availability Impact | High |
CVSSv3 Version | 3 |
SUSE Security Advisories:
- SUSE-SU-2016:1145-1, published Mon Apr 25 11:08:06 MDT 2016
- SUSE-SU-2016:1166-1, published Wed Apr 27 12:08:02 MDT 2016
- SUSE-SU-2016:1581-1, published Tue Jun 14 12:07:57 MDT 2016
- SUSE-SU-2016:1638-1, published Tue Jun 21 05:08:16 MDT 2016
- openSUSE-SU-2016:1167-1, published Fri Dec 8 15:48:59 2023
- openSUSE-SU-2016:1173-1, published Fri Dec 8 15:48:59 2023
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4, SUSE Linux Enterprise Software Development Kit 11 SP4 | | Patchnames: sdksp4-php53-12527 sdksp4-php53-12611 |
SUSE Linux Enterprise Desktop 12 SP1, SUSE Linux Enterprise Server 12 SP1, SUSE Linux Enterprise Server for SAP Applications 12 SP1, SUSE Linux Enterprise Software Development Kit 12 SP1 | | Patchnames: SUSE-SLE-SDK-12-SP1-2016-688 |
SUSE Linux Enterprise Desktop 12 SP2, SUSE Linux Enterprise Server 12 SP2, SUSE Linux Enterprise Server for SAP Applications 12 SP2, SUSE Linux Enterprise Software Development Kit 12 SP2 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA php5-devel-5.5.14-73.1 |
SUSE Linux Enterprise Desktop 12 SP3, SUSE Linux Enterprise Software Development Kit 12 SP3 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA php5-devel-5.5.14-108.1 |
SUSE Linux Enterprise Desktop 12 SP4, SUSE Linux Enterprise Software Development Kit 12 SP4 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA php5-devel-5.5.14-109.41.1 |
SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Software Development Kit 12 | | Patchnames: SUSE-SLE-SDK-12-2016-688 |
SUSE Linux Enterprise High Performance Computing 12, SUSE Linux Enterprise Module for Web and Scripting 12, SUSE Linux Enterprise Server 12 SP5, SUSE Linux Enterprise Server for SAP Applications 12 SP5 | | Patchnames: SUSE-SLE-Module-Web-Scripting-12-2016-688 |
SUSE Linux Enterprise Server 11 SP2-LTSS | | Patchnames: slessp2-php53-12621 |
SUSE Linux Enterprise Server 11 SP3-LTSS | | Patchnames: slessp3-php53-12611 |
SUSE Linux Enterprise Server 11 SP4, SUSE Linux Enterprise Server for SAP Applications 11 SP4 | | Patchnames: sdksp4-php53-12527 sdksp4-php53-12611 slessp4-php53-12527 slessp4-php53-12611 |
SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server for SAP Applications 12 SP3 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA php5-devel-5.5.14-108.1 SUSE-SLE-Module-Web-Scripting-12-2016-688 |
SUSE Linux Enterprise Server 12 SP4, SUSE Linux Enterprise Server for SAP Applications 12 SP4 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA php5-devel-5.5.14-109.41.1 SUSE-SLE-Module-Web-Scripting-12-2016-688 |
SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server for SAP Applications 12 | | Patchnames: SUSE-SLE-Module-Web-Scripting-12-2016-688 SUSE-SLE-SDK-12-2016-688 |
SUSE Manager 2.1 | | Patchnames: sleman21-php53-12611 |
SUSE Manager Proxy 2.1 | | Patchnames: slemap21-php53-12611 |
SUSE OpenStack Cloud 5 | | Patchnames: sleclo50sp3-php53-12611 |
SUSE Timeline for this CVE
CVE page created: Fri Oct 7 12:47:36 2022
CVE page last modified: Thu Jul 25 16:34:18 2024