CVE-2016-2554

Public on 2016-04-13
Modified on 2016-04-13
Description
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.
Severity
Low severity
Low
CVSS v3 Base Score
2.6
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 php55 2016-04-13 ALAS-2016-685 Fixed
Amazon Linux 1 php56 2016-04-13 ALAS-2016-685 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P
NVD CVSSv2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2016-2554 Mitre: CVE-2016-2554