CVE-2015-1352
Published: 26 January 2015
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.6)
|
|
utopic |
Released
(5.5.12+dfsg-2ubuntu4.2)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e |