CVE-2015-4022

Name: CVE-2015-4022
Creator: NVD / NIST
Published: 2015-06-09T18:59:05.833+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 20.31%

Last modified Jun 17, 2026

CVE-2015-4022 is a vulnerability of currently unknown severity. Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.. EPSS estimates a 20.31% chance of exploitation in the next 30 days.

Description

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

Metrics

EPSS Probability

20.31%

97.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-189

Affected Software

Vendor	Product	Versions	Update
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Hpc Node	7.0	—
Redhat	Enterprise Linux Hpc Node Eus	7.1	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Eus	7.1	—
Redhat	Enterprise Linux Workstation	7.0	—
Php	Php	<= 5.4.40	—
Php	Php	5.4.39	—
Php	Php	5.5.0	—
Php	Php	5.5.1	—
Php	Php	5.5.2	—
Php	Php	5.5.3	—
Php	Php	5.5.4	—
Php	Php	5.5.5	—
Php	Php	5.5.6	—
Php	Php	5.5.7	—
Php	Php	5.5.8	—
Php	Php	5.5.9	—
Php	Php	5.5.10	—
Php	Php	5.5.11	—
Php	Php	5.5.12	—
Php	Php	5.5.13	—
Php	Php	5.5.14	—
Php	Php	5.5.18	—
Php	Php	5.5.19	—
Php	Php	5.5.20	—
Php	Php	5.5.21	—
Php	Php	5.5.22	—
Php	Php	5.5.23	—
Php	Php	5.5.24	—
Php	Php	5.6.0	Alpha1
Php	Php	5.6.2	—
Php	Php	5.6.3	—
Php	Php	5.6.4	—
Php	Php	5.6.5	—
Php	Php	5.6.6	—
Php	Php	5.6.7	—
Php	Php	5.6.8	—
Redhat	Enterprise Linux	6.0	—
Redhat	Enterprise Linux	7.0	—
Apple	Mac Os X	<= 10.10.4	—

References

Timeline

Published: Jun 9, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-4022?

How severe is CVE-2015-4022?

Severity scoring for CVE-2015-4022 is pending analysis. The EPSS model estimates a 20.31% probability of exploitation in the next 30 days.

How do I fix CVE-2015-4022?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-4022?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST