PT-2014-1411 · Php+4 · Php+4

Publicado

2014-07-04

Atualizado

2024-06-15

CVE-2014-4698

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.14

Description The issue is related to a use-after-free vulnerability in the SPL component, specifically in the ext/spl/spl array.c file. This vulnerability can be exploited by context-dependent attackers to cause a denial of service or possibly have other unspecified impacts. The exploitation is possible via crafted ArrayIterator usage within applications in certain web-hosting environments.

Recommendations For PHP versions prior to 5.5.14, update to version 5.5.14 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ArrayIterator in applications to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

BDU:2015-00366

CESA-2014_1326

CESA-2014_1327

CVE-2014-4698

MGASA-2014-0324

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2014:1326

RHSA-2014:1327

RHSA-2014:1765

RHSA-2014:1766

RHSA-2014_1326

RHSA-2014_1327

SUSE-SU-2016:1638-1

USN-2276-1

Produtos afetados

Centos

Php

Red Hat

Suse

Ubuntu

PT-2014-1411 · Php+4 · Php+4

CVE-2014-4698

Identificadores relacionados

Produtos afetados

Referências · 369