Unrated severityNVD Advisory· Published Mar 30, 2015· Updated May 6, 2026

CVE-2015-1352

Description

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <5.4.40
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.5
osv-coords3 versions
pkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
< 5.6.28-1.1+ 2 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
- (no CPE)range: < 5.3.17-47.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.php.net/bug.phpnvdExploitVendor Advisory
lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlnvdMailing ListThird Party Advisory
marc.infonvdMailing ListThird Party Advisory
openwall.com/lists/oss-security/2015/01/24/9nvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-1053.htmlnvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvdThird Party Advisory
www.securityfocus.com/bid/71932nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201606-10nvdThird Party Advisory
support.apple.com/HT205267nvdThird Party Advisory
git.php.netnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000