ALAS-2015-508 --- php56ID: oval:org.secpod.oval:def:1200063 | Date: (C)2015-12-29 (M)2024-02-19 |
Class: PATCH | Family: unix |
A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is also embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code. Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow
Platform: |
Amazon Linux AMI |