PT-2014-1421 · Php+5 · Php+5

Stefan Esser

Publicado

2014-06-09

Atualizado

2022-11-09

CVE-2014-3515

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14

Description The issue arises from incorrect anticipation of data structure types after unserialization in the SPL component, leading to potential remote code execution through crafted strings that trigger the use of a Hashtable destructor. This is related to "type confusion" issues in ArrayObject and SPLObjectStorage.

Recommendations For PHP versions prior to 5.4.30, update to version 5.4.30 or later. For PHP versions 5.5.x prior to 5.5.14, update to version 5.5.14 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

BDU:2015-00376

CESA-2014_1012

CESA-2014_1013

CVE-2014-3515

DLA-0018-1

DSA-2974-1

HPSBUX03102

MGASA-2014-0283

MGASA-2014-0284

RHSA-2014:1012

RHSA-2014:1013

RHSA-2014:1765

RHSA-2014:1766

RHSA-2014_1012

RHSA-2014_1013

SUSE-SU-2016:1638-1

USN-2276-1

Produtos afetados

Centos

Hp-Ux

Php

Red Hat

Suse

Ubuntu

PT-2014-1421 · Php+5 · Php+5

CVE-2014-3515

Identificadores relacionados

Produtos afetados

Referências · 292