Description
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
References (11)
Core 11
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1187.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032709
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1186.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3344
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75292
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2015/06/18/6
Various Sources x_refsource_confirm
http://php.net/ChangeLog-5.php
Various Sources x_refsource_confirm
https://bugs.php.net/bug.php?id=69667
Various Sources x_refsource_confirm
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-10
Scores
CVSS v3
7.5
EPSS
0.0989
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (39)
php/php
5.5.0
php/php
5.5.1
php/php
5.5.2
php/php
5.5.3
php/php
5.5.4
php/php
5.5.5
php/php
5.5.6
php/php
5.5.7
php/php
5.5.8
php/php
5.5.9
... and 29 more
Published
May 16, 2016
Tracked Since
Feb 18, 2026