CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2014-9425 – php: Double-free in zend_ts_hash_graceful_destroy()
https://notcve.org/view.php?id=CVE-2014-9425
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de doble liberación en la función zend_ts_hash_graceful_destroy en zend_ts_hash.c en Zend Engine en PHP hasta 5.5.20 y 5.6.x hasta 5.6.4 permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos. A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash. • http://advisories.mageia.org/MGASA-2015-0040.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2014/12/29/6 http://rhn.redhat.com/errata/RHSA-2015-1218.html http:&# • CWE-416: Use After Free •
CVSS: 7.5EPSS: 86%CPEs: 46EXPL: 1CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. Vulnerabilidad de uso después de liberación en la función process_nested_data en core/dom/ProcessingInstruction.cpp en ext/standard/var_unserializer.re en PHP anterior a 5.4.36, 5.5.x anterior a 5.5.20, y 5.6.x anterior a 5.6.4, permite a atacantes remotos ejecutar código arbitrario mediante una petición manipulada no serializada que aprovecha un tratamiento incorrecto de las claves duplicadas sin sin las propiedades serializadas de un objeto, una vulnerabilidad diferente de CVE-2004-1019. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=630f9c33c23639de85c3fd306b209b538b73b4c9 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.re • CWE-416: Use After Free •
CVSS: 5.0EPSS: 6%CPEs: 9EXPL: 0CVE-2014-3710 – file: out-of-bounds read in elf note headers
https://notcve.org/view.php?id=CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función donote en readelf.c en file hasta 5.20, utilizado en el componente Fileinfo en PHP 5.4.34, no asegura que suficientes cabeceras de notas están presentes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un fichero ELF manipulado. An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2014-1767.html http: • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 11%CPEs: 70EXPL: 1CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Desbordamiento de buffer en la función date_from_ISO8601 en la implementación mkgmtime en libxmlrpc/xmlrpc.c en la extensión XMLRPC en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de (1) un primer argumento manipulado en la función xmlrpc_set_type o (2) un argumento manipulado en la función xmlrpc_decode, relacionado con una operación de lectura fuera de rango. An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 93%CPEs: 70EXPL: 1CVE-2014-3669 – php: integer overflow in unserialize()
https://notcve.org/view.php?id=CVE-2014-3669
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. Desbordamiento de enteros en la función object_custom en ext/standard/var_unserializer.c en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un argumento en la función unserialize que provoca el calculo de un valor grande de longitud. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159 http://linux.oracle.com/errata/ELSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1768.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://php.net/ChangeLog-5.php&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •