Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2015-4604

Disclosure Date: May 16, 2016 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a “Python script text executable” rule.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

php,
redhat

Products

References

Canonical

CVE-2015-4604 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4604)

BID-75241 (http://www.securityfocus.com/bid/75241)

Advisory

http://rhn.redhat.com/errata/RHSA-2015-1187.html

SECTRACK-1032709 (http://www.securitytracker.com/id/1032709)

http://rhn.redhat.com/errata/RHSA-2015-1186.html

https://bugs.php.net/bug.php?id=68819

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://php.net/ChangeLog-5.php

[oss-security] 20150616 Re: CVE Request: various issues in PHP (http://www.openwall.com/lists/oss-security/2015/06/16/12)

http://git.php.net?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd

http://rhn.redhat.com/errata/RHSA-2015-1135.html

Rapid7

Technical Analysis