CVE-2015-4022

Public on 2015-06-02
Modified on 2015-06-02
Description
An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 php54 2015-06-02 ALAS-2015-534 Fixed
Amazon Linux 1 php55 2015-06-02 ALAS-2015-535 Fixed
Amazon Linux 1 php56 2015-06-02 ALAS-2015-536 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P