CVE-2015-2331: Buffer Overflow
First published: Mon Mar 30 2015(Updated: )
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libzip | <=0.11.2 | |
| PHP | <=5.4.38 | |
| PHP | =5.5.0 | |
| PHP | =5.5.0-alpha1 | |
| PHP | =5.5.0-alpha2 | |
| PHP | =5.5.0-alpha3 | |
| PHP | =5.5.0-alpha4 | |
| PHP | =5.5.0-alpha5 | |
| PHP | =5.5.0-alpha6 | |
| PHP | =5.5.0-beta1 | |
| PHP | =5.5.0-beta2 | |
| PHP | =5.5.0-beta3 | |
| PHP | =5.5.0-beta4 | |
| PHP | =5.5.0-rc1 | |
| PHP | =5.5.0-rc2 | |
| PHP | =5.5.1 | |
| PHP | =5.5.2 | |
| PHP | =5.5.3 | |
| PHP | =5.5.4 | |
| PHP | =5.5.5 | |
| PHP | =5.5.6 | |
| PHP | =5.5.7 | |
| PHP | =5.5.8 | |
| PHP | =5.5.9 | |
| PHP | =5.5.10 | |
| PHP | =5.5.11 | |
| PHP | =5.5.12 | |
| PHP | =5.5.13 | |
| PHP | =5.5.14 | |
| PHP | =5.5.15 | |
| PHP | =5.5.16 | |
| PHP | =5.5.17 | |
| PHP | =5.5.18 | |
| PHP | =5.5.19 | |
| PHP | =5.5.20 | |
| PHP | =5.5.21 | |
| PHP | =5.5.22 | |
| PHP | =5.6.0-alpha1 | |
| PHP | =5.6.0-alpha2 | |
| PHP | =5.6.0-alpha3 | |
| PHP | =5.6.0-alpha4 | |
| PHP | =5.6.0-alpha5 | |
| PHP | =5.6.0-beta1 | |
| PHP | =5.6.0-beta2 | |
| PHP | =5.6.0-beta3 | |
| PHP | =5.6.0-beta4 | |
| PHP | =5.6.1 | |
| PHP | =5.6.2 | |
| PHP | =5.6.3 | |
| PHP | =5.6.4 | |
| PHP | =5.6.5 | |
| PHP | =5.6.6 | |
| Debian Linux | =7.0 | |
| Red Hat Fedora | =22 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
- http://hg.nih.at/libzip/rev/9f11d54f692e
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
- http://marc.info/?l=bugtraq&m=143403519711434&w=2
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://php.net/ChangeLog-5.php
- http://www.debian.org/security/2015/dsa-3198
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securitytracker.com/id/1031985
- https://bugs.php.net/bug.php?id=69253
- https://support.apple.com/HT205267
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
Frequently Asked Questions
What is the severity of CVE-2015-2331?
The severity of CVE-2015-2331 is considered to be high due to the potential for denial of service and possible remote code execution.
How do I fix CVE-2015-2331?
To fix CVE-2015-2331, update the affected software to a version that is not susceptible to this vulnerability, such as libzip version 0.11.3 or later, or PHP versions 5.4.39, 5.5.23, or 5.6.7 and later.
Who is affected by CVE-2015-2331?
CVE-2015-2331 affects users of libzip versions up to 0.11.2 and PHP versions before 5.4.39, as well as various other products reliant on these libraries.
What kind of attack can be executed with CVE-2015-2331?
CVE-2015-2331 can be exploited to crash applications, causing denial of service, and could potentially lead to remote code execution under certain conditions.
When was CVE-2015-2331 discovered?
CVE-2015-2331 was publicly disclosed in 2015.
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nih
- canonical/libzip
- version/libzip/0.11.2
- vendor/php
- canonical/php
- version/php/5.4.38
- version/php/5.5.0
- version/php/5.5.0-alpha1
- version/php/5.5.0-alpha2
- version/php/5.5.0-alpha3
- version/php/5.5.0-alpha4
- version/php/5.5.0-alpha5
- version/php/5.5.0-alpha6
- version/php/5.5.0-beta1
- version/php/5.5.0-beta2
- version/php/5.5.0-beta3
- version/php/5.5.0-beta4
- version/php/5.5.0-rc1
- version/php/5.5.0-rc2
- version/php/5.5.1
- version/php/5.5.2
- version/php/5.5.3
- version/php/5.5.4
- version/php/5.5.5
- version/php/5.5.6
- version/php/5.5.7
- version/php/5.5.8
- version/php/5.5.9
- version/php/5.5.10
- version/php/5.5.11
- version/php/5.5.12
- version/php/5.5.13
- version/php/5.5.14
- version/php/5.5.15
- version/php/5.5.16
- version/php/5.5.17
- version/php/5.5.18
- version/php/5.5.19
- version/php/5.5.20
- version/php/5.5.21
- version/php/5.5.22
- version/php/5.6.0-alpha1
- version/php/5.6.0-alpha2
- version/php/5.6.0-alpha3
- version/php/5.6.0-alpha4
- version/php/5.6.0-alpha5
- version/php/5.6.0-beta1
- version/php/5.6.0-beta2
- version/php/5.6.0-beta3
- version/php/5.6.0-beta4
- version/php/5.6.1
- version/php/5.6.2
- version/php/5.6.3
- version/php/5.6.4
- version/php/5.6.5
- version/php/5.6.6
- vendor/debian
- canonical/debian linux
- version/debian linux/7.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/22
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2