{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1187", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"}, {"name": "1032709", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032709"}, {"name": "RHSA-2015:1186", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"}, {"name": "DSA-3344", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3344"}, {"name": "75292", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75292"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2015/06/18/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=69667"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"}, {"name": "GLSA-201606-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201606-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-4644", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:1187", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"}, {"name": "1032709", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032709"}, {"name": "RHSA-2015:1186", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"}, {"name": "DSA-3344", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3344"}, {"name": "75292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75292"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2015/06/18/6"}, {"name": "http://php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-5.php"}, {"name": "https://bugs.php.net/bug.php?id=69667", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=69667"}, {"name": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"}, {"name": "GLSA-201606-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-10"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-4644", "datePublished": "2016-05-16T10:00:00", "dateReserved": "2015-06-18T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E65991-DA29-4501-9B30-6719C5CEDAA2", "versionEndIncluding": "5.4.41", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "840EE3AC-5293-4F33-9E2C-96A0A2534B02", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "1C0FC407-96DB-425E-BB57-7A5BA839C37F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "D3839C81-3DAB-4E1D-9D95-BEFFD491F43D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "AC63A449-5D92-4F5F-8186-B58FFFBA54FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "F18236F6-2065-4A6A-93E7-FD90E650C689", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "DEFBA84A-A4E4-438B-B9B5-8549809DCECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "146D3DC9-50F4-430B-B321-68ECE78879A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "1D5A7CA6-7653-46C5-8DF7-95584BF7A879", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "59A42F02-F363-4C13-BE83-19F757B84455", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "423ECD5F-5611-4D9A-8BE8-E4DC1527AF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE65D0D4-CB56-4946-AB44-2EF554602A96", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1F13E2D-A8F7-4B74-8D03-7905C81672C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9AE1289F-03A6-4621-B387-5F5ADAC4AE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "383697F5-D29E-475A-84F3-46B54A928889", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "786ED182-5D71-4197-9196-12AB5CF05F85", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "B53DC0C3-EA19-4465-B65A-BC7CDB10D8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "BEA4DFC1-6C0C-42FB-9F47-E3E1AA9E47E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352."}, {"lang": "es", "value": "La funci\u00f3n php_pgsql_meta_data en pgsql.c en la extensi\u00f3n PostgreSQL (tambi\u00e9n conocida como pgsql) en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6 en versiones anteriores a 5.6.10 no tiene una extraci\u00f3n de contador v\u00e1lido para nombres de tabla, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un nombre manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2015-1352."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "id": "CVE-2015-4644", "lastModified": "2023-11-07T02:25:55.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-16T10:59:16.503", "references": [{"source": "secalert@redhat.com", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2015/06/18/6"}, {"source": "secalert@redhat.com", "url": "http://php.net/ChangeLog-5.php"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3344"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75292"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032709"}, {"source": "secalert@redhat.com", "url": "https://bugs.php.net/bug.php?id=69667"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201606-10"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}