CVSS: 7.5EPSS: 86%CPEs: 46EXPL: 1CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. Vulnerabilidad de uso después de liberación en la función process_nested_data en core/dom/ProcessingInstruction.cpp en ext/standard/var_unserializer.re en PHP anterior a 5.4.36, 5.5.x anterior a 5.5.20, y 5.6.x anterior a 5.6.4, permite a atacantes remotos ejecutar código arbitrario mediante una petición manipulada no serializada que aprovecha un tratamiento incorrecto de las claves duplicadas sin sin las propiedades serializadas de un objeto, una vulnerabilidad diferente de CVE-2004-1019. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=630f9c33c23639de85c3fd306b209b538b73b4c9 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.re • CWE-416: Use After Free •
CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 1CVE-2014-8626 – php: xmlrpc ISO8601 date format parsing buffer overflow
https://notcve.org/view.php?id=CVE-2014-8626
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. Desbordamiento de buffer basado en memoria dinámica en la función date_from_ISO8601 en ext/xmlrpc/libxmlrpc/xmlrpc.c en PHP anterior a 5.2.7 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante la inclusión de un campo de zona horaria en una fecha, que conlleva a una codificación XML-RPC indebida. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db http://openwall.com/lists/oss-security/2014/11/06/3 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2014-1824.html http://rhn.redhat.com/errata/RHSA-2014-1825.html http://www.securityfocus.com/bid/70928 https://bugs.php.net/bug.php?id=45226 https://bugzilla.redhat.com/show_bug.cgi?id=1155607 https://access.redhat.com/security/cve/CVE-2014-8626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.0EPSS: 11%CPEs: 70EXPL: 1CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Desbordamiento de buffer en la función date_from_ISO8601 en la implementación mkgmtime en libxmlrpc/xmlrpc.c en la extensión XMLRPC en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de (1) un primer argumento manipulado en la función xmlrpc_set_type o (2) un argumento manipulado en la función xmlrpc_decode, relacionado con una operación de lectura fuera de rango. An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 93%CPEs: 70EXPL: 1CVE-2014-3669 – php: integer overflow in unserialize()
https://notcve.org/view.php?id=CVE-2014-3669
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. Desbordamiento de enteros en la función object_custom en ext/standard/var_unserializer.c en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un argumento en la función unserialize que provoca el calculo de un valor grande de longitud. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159 http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 26%CPEs: 70EXPL: 1CVE-2014-3670 – php: heap corruption issue in exif_thumbnail()
https://notcve.org/view.php?id=CVE-2014-3670
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. La función exif_ifd_make_value en exif.c en la extensión EXIF en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 opera sobre arrays de punto flotante incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica y caída de aplicación) o posiblemente ejecutar código arbitrario a través de un imagen JPEG manipulado con datos 'thumbnail' TIFF que son manejados indebidamente por la función exif_thumbnail. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •