CVE-2015-2331
Public on 2015-03-30
Modified on 2015-04-15
Description
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is also embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | php54 | 2015-04-15 | ALAS-2015-506 | Fixed |
| Amazon Linux 1 | php55 | 2015-04-15 | ALAS-2015-507 | Fixed |
| Amazon Linux 1 | php56 | 2015-04-15 | ALAS-2015-508 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |