Signature Detail

HTTP: PHP Group PHP ZIP Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the PHP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the PHP.

Extended Description

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

Affected Products

• Debian debian_linux 7.0
• Fedoraproject fedora 22
• Nih libzip 0.11.2
• Opensuse opensuse 13.1
• Opensuse opensuse 13.2
• Php php 5.4.38
• Php php 5.5.0
• Php php 5.5.1
• Php php 5.5.10
• Php php 5.5.11
• Php php 5.5.12
• Php php 5.5.13
• Php php 5.5.14
• Php php 5.5.15
• Php php 5.5.16
• Php php 5.5.17
• Php php 5.5.18
• Php php 5.5.19
• Php php 5.5.2
• Php php 5.5.20
• Php php 5.5.21
• Php php 5.5.22
• Php php 5.5.3
• Php php 5.5.4
• Php php 5.5.5
• Php php 5.5.6
• Php php 5.5.7
• Php php 5.5.8
• Php php 5.5.9
• Php php 5.6.0
• Php php 5.6.1
• Php php 5.6.2
• Php php 5.6.3
• Php php 5.6.4
• Php php 5.6.5
• Php php 5.6.6

References

• CVE: CVE-2015-2331