7.5

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version < 5.3.29
PhpPhp Version >= 5.4.0 < 5.4.30
PhpPhp Version >= 5.5.0 < 5.5.14
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 30.13% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://www.php.net/ChangeLog-5.php
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://secunia.com/advisories/60998
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59794
Third Party Advisory
http://secunia.com/advisories/59831
Third Party Advisory
http://www.debian.org/security/2014/dsa-2974
Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab
http://www.securityfocus.com/bid/68237
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=67492
Patch
Vendor Advisory