Fluid Attacks Database

Description

An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php	-	-
rpm rhel5	php53	-	-
rpm rhel7	php	<0:5.4.16-36.el7_1	0:5.4.16-36.el7_1
rpm rhel6	php	<0:5.3.3-46.el6_6	0:5.3.3-46.el6_6

Aliases

1. CVE-2015-40222. NVD-2015-40223. OSV-2015-4022

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.