CVE-2015-4644

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugs.php.net/bug.php?id=69667
http://php.net/ChangeLog-5.php
http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
http://openwall.com/lists/oss-security/2015/06/18/6
http://www.securityfocus.com/bid/75292
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://security.gentoo.org/glsa/201606-10
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://www.securitytracker.com/id/1032709
http://www.debian.org/security/2015/dsa-3344

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:php:php:5.6.5:::::::*
	cpe:2.3:a:php:php:5.6.4:::::::*
	cpe:2.3:a:php:php:5.5.21:::::::*
	cpe:2.3:a:php:php:5.5.20:::::::*
	cpe:2.3:a:php:php:5.5.13:::::::*
	cpe:2.3:a:php:php:5.5.12:::::::*
	cpe:2.3:a:php:php:5.5.4:::::::*
	cpe:2.3:a:php:php:5.5.3:::::::*
	cpe:2.3:a:php:php:5.5.25:::::::*
	cpe:2.3:a:php:php:5.6.3:::::::*
	cpe:2.3:a:php:php:5.6.2:::::::*
	cpe:2.3:a:php:php:5.6.1:::::::*
	cpe:2.3:a:php:php:5.5.19:::::::*
	cpe:2.3:a:php:php:5.5.0:::::::*
	cpe:2.3:a:php:php:5.5.16:::::::*
	cpe:2.3:a:php:php:5.6.0:::::::*
	cpe:2.3:a:php:php:5.5.1:::::::*
	cpe:2.3:a:php:php:5.6.6:::::::*
	cpe:2.3:a:php:php:5.5.17:::::::*
	cpe:2.3:a:php:php:5.5.7:::::::*
	cpe:2.3:a:php:php:5.6.7:::::::*
	cpe:2.3:a:php:php:5.5.23:::::::*
	cpe:2.3:a:php:php:5.5.8:::::::*
	cpe:2.3:a:php:php:5.5.24:::::::*
	cpe:2.3:a:php:php:5.5.11:::::::*
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.6.9:::::::*
	cpe:2.3:a:php:php:5.5.10:::::::*
	cpe:2.3:a:php:php:5.5.22:::::::*
	cpe:2.3:a:php:php:5.6.8:::::::*
	cpe:2.3:a:php:php:5.5.18:::::::*
	cpe:2.3:a:php:php:5.5.2:::::::*
	cpe:2.3:a:php:php:5.5.9:::::::*
	cpe:2.3:a:php:php:5.5.5:::::::*
	cpe:2.3:a:php:php:5.5.14:::::::*
	cpe:2.3:a:php:php:5.5.6:::::::*
	cpe:2.3:a:php:php:5.5.15:::::::*

Information

Published : 2016-05-16 03:59

Updated : 2019-04-22 10:48

NVD link : CVE-2015-4644

Mitre link : CVE-2015-4644

JSON object : View

CWE

NVD-CWE-Other

Products Affected

redhat

enterprise_linux

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.php.net/bug.php?id=69667", "name": "https://bugs.php.net/bug.php?id=69667", "tags": [], "refsource": "CONFIRM"}, {"url": "http://php.net/ChangeLog-5.php", "name": "http://php.net/ChangeLog-5.php", "tags": [], "refsource": "CONFIRM"}, {"url": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64", "name": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2015/06/18/6", "name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/75292", "name": "75292", "tags": [], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html", "name": "RHSA-2015:1187", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": [], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201606-10", "name": "GLSA-201606-10", "tags": [], "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html", "name": "RHSA-2015:1186", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1032709", "name": "1032709", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2015/dsa-3344", "name": "DSA-3344", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-4644", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2016-05-16T10:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4.41"}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-04-22T17:48Z"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2015-4644

7.5^/10

5.0^/10

Attach tags to `CVE-2015-4644`