PHP mget Function Denial of Service Vulnerability (CVE-2015-4604)
PHP mget Function Denial of Service Vulnerability (CVE-2015-4604)
Release date:
Updated on:
Affected Systems:
PHP <5.4.40
PHP 5.6.x <5.6.8
PHP 5.5.x <5.5.24
Description:
CVE (CAN) ID: CVE-2015-4604
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP <5.4.40, 5.5.x <5.5.24, 5.6.x <5.6.8, Fileinfo component/file 5.x/ softmagic. the c/mget function does not properly maintain certain pointer relationships. Remote attackers can cause DoS by constructing strings.
<* Source: PHP
*>
Suggestion:
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://php.net/ChangeLog-5.php
Http://php.net/ChangeLog-7.php
This article permanently updates the link address: