Launchpad CVE tracker

CVE 2015-1352

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

Related bugs and status

CVE-2015-1352 (Candidate) is related to these bugs:

Bug #1445240: UPDATE REQUEST: php54 5.4.40 is available upstream

Summary				In	Importance	Status
	1445240	UPDATE REQUEST: php54 5.4.40 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1445241: UPDATE REQUEST: php54-pgsql84 5.4.40 is available upstream

Summary				In	Importance	Status
	1445241	UPDATE REQUEST: php54-pgsql84 5.4.40 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1445242: UPDATE REQUEST: php56u 5.6.8 is available upstream

Summary				In	Importance	Status
	1445242	UPDATE REQUEST: php56u 5.6.8 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1445243: UPDATE REQUEST: php55u 5.5.24 is available upstream

Summary				In	Importance	Status
	1445243	UPDATE REQUEST: php55u 5.5.24 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-1352

References