High severity7.5NVD Advisory· Published May 16, 2016· Updated May 6, 2026
CVE-2015-4644
CVE-2015-4644
Description
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
Affected products
39cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.4.41
- cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- git.php.netnvd
- openwall.com/lists/oss-security/2015/06/18/6nvd
- php.net/ChangeLog-5.phpnvd
- rhn.redhat.com/errata/RHSA-2015-1186.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1187.htmlnvd
- www.debian.org/security/2015/dsa-3344nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvd
- www.securityfocus.com/bid/75292nvd
- www.securitytracker.com/id/1032709nvd
- bugs.php.net/bug.phpnvd
- security.gentoo.org/glsa/201606-10nvd
News mentions
0No linked articles in our index yet.