CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score Confidence: High

EPSS Percentile: 98.4%

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to “type confusion” issues in (1) ArrayObject and (2) SPLObjectStorage.
Vendor | Product | Version | CPE |
---|---|---|---|
php | php | * | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab
lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
marc.info/?l=bugtraq&m=141017844705317&w=2
rhn.redhat.com/errata/RHSA-2014-1765.html
rhn.redhat.com/errata/RHSA-2014-1766.html
secunia.com/advisories/59794
secunia.com/advisories/59831
secunia.com/advisories/60998
support.apple.com/kb/HT6443
www-01.ibm.com/support/docview.wss?uid=swg21683486
www.debian.org/security/2014/dsa-2974
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.php.net/ChangeLog-5.php
www.securityfocus.com/bid/68237
bugs.php.net/bug.php?id=67492