CVE-2015-4644

NameCVE-2015-4644
DescriptionThe php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-307-1, DSA-3344-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)wheezy5.4.45-0+deb7u2fixed
wheezy (security)5.4.45-0+deb7u11fixed
jessie (security), jessie5.6.30+dfsg-0+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)5.6.11+dfsg-1medium
php5sourcejessie5.6.12+dfsg-0+deb8u1mediumDSA-3344-1
php5sourcesqueeze5.3.3.1-7+squeeze27mediumDLA-307-1
php5sourcewheezy5.4.44-0+deb7u1mediumDSA-3344-1

Notes

Fixed in 5.6.10 / 5.5.26 / 5.4.42
https://bugs.php.net/bug.php?id=69667
http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
http://www.openwall.com/lists/oss-security/2015/06/18/3

Search for package or bug name: Reporting problems