CVE

Id
81921  
CVE No.
CVE-2015-4644  
Status
Candidate  
Description
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.  
Phase
Assigned (20150618)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
735256 81921 CVE-2015-4644 MLIST:[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request  View
735257 81921 CVE-2015-4644 URL:http://openwall.com/lists/oss-security/2015/06/18/6  View
735258 81921 CVE-2015-4644 CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64  View
735259 81921 CVE-2015-4644 CONFIRM:http://php.net/ChangeLog-5.php  View
735260 81921 CVE-2015-4644 CONFIRM:https://bugs.php.net/bug.php?id=69667  View
735261 81921 CVE-2015-4644 CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html  View
735262 81921 CVE-2015-4644 GENTOO:GLSA-201606-10  View
735263 81921 CVE-2015-4644 URL:https://security.gentoo.org/glsa/201606-10  View
735264 81921 CVE-2015-4644 REDHAT:RHSA-2015:1187  View
735265 81921 CVE-2015-4644 URL:http://rhn.redhat.com/errata/RHSA-2015-1187.html  View
735266 81921 CVE-2015-4644 REDHAT:RHSA-2015:1186  View
735267 81921 CVE-2015-4644 URL:http://rhn.redhat.com/errata/RHSA-2015-1186.html  View
735268 81921 CVE-2015-4644 BID:75292  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
8037 JVNDB-2015-003357 libwmf におけるサービス運用妨害 (DoS) の脆弱性 libwmf には、解放済みメモリの使用 (Use-after-free) により、サービス運用妨害 (クラッシュ) 状態にされる脆弱性が存在します。 CVE-2015-4696 81921 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003357.html  View