What is CVE-2015-4643?

CVE-2015-4643 is a critical-severity vulnerability in Oracle Linux, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2016-05-16.

How severe is CVE-2015-4643?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Oracle Linux

CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-base…

Vulnerability class: Buffer Overflow

EPSS: 0.087 (92.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Oracle Linux — versions 6, 7
Php
Debian Debian_linux — versions 7.0, 8.0
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_server — versions 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 6.6, 7.3, 7.4
Redhat Enterprise_linux_server_eus — versions 6.6, 7.1, 7.2
Redhat Enterprise_linux_server_tus — versions 6.6, 7.3, 7.6
Redhat Enterprise_linux_workstation — versions 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

RHSA-2015:1187 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Issue Tracking, Vendor Advisory)
1032709 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
RHSA-2015:1186 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
DSA-3344 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
75291 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
RHSA-2015:1135 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2015-4643?: CVE-2015-4643 is a critical-severity vulnerability in Oracle Linux, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2016-05-16.
How severe is CVE-2015-4643?: Critical severity. CVSS v3 base score is 9.8 out of 10.