Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Vulnerable Products 3
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Php Php
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
|
— | — |
|
Php Php
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
|
— | — |
|
Pierrejoye Php_Zip
cpe:2.3:a:pierrejoye:php_zip:*:*:*:*:*:php:*:*
|
— |
1.8.4
|
References 10
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
cve@mitre.org
http://secunia.com/advisories/24471
cve@mitre.org
http://secunia.com/advisories/24514
cve@mitre.org
http://secunia.com/advisories/25938
cve@mitre.org
http://www.debian.org/security/2007/dsa-1330
cve@mitre.org
http://www.osvdb.org/32782
cve@mitre.org
http://www.php-security.org/MOPB/MOPB-16-2007.html
cve@mitre.org
http://www.securityfocus.com/bid/22883
cve@mitre.org
http://www.vupen.com/english/advisories/2007/0898
cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/32889
cve@mitre.org