CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=630f9c33c23639de85c3fd306b209b538b73b4c9
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
• http://marc.info/?l=bugtraq&m=143403519711434&w=2
• http://marc.info/?l=bugtraq&m=143748090628601&w=2
• http://marc.info/?l=bugtraq&m=144050155601375&w=2
• http://php.net/ChangeLog-5.php
• http://rhn.redhat.com/errata/RHSA-2015-1053.html
• http://rhn.re
• CWE-416: Use After Free
CVE-2014-8626 – php: xmlrpc ISO8601 date format parsing buffer overflow
https://notcve.org/view.php?id=CVE-2014-8626
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db
• http://openwall.com/lists/oss-security/2014/11/06/3
• http://php.net/ChangeLog-5.php
• http://rhn.redhat.com/errata/RHSA-2014-1824.html
• http://rhn.redhat.com/errata/RHSA-2014-1825.html
• http://www.securityfocus.com/bid/70928
• https://bugs.php.net/bug.php?id=45226
• https://bugzilla.redhat.com/show_bug.cgi?id=1155607
• https://access.redhat.com/security/cve/CVE-2014-8626
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2014-3710 – file: out-of-bounds read in elf note headers
https://notcve.org/view.php?id=CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
• http://linux.oracle.com/errata/ELSA-2014-1767.html
• http://linux.oracle.com/errata/ELSA-2014-1768.html
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
• http://rhn.redhat.com/errata/RHSA-2014-1765.html
• http://rhn.redhat.com/errata/RHSA-2014-1766.html
• http://rhn.redhat.com/errata/RHSA-2014-1767.html
• http:
• CWE-20: Improper Input Validation
• CWE-125: Out-of-bounds Read
CVE-2014-3669 – php: integer overflow in unserialize()
https://notcve.org/view.php?id=CVE-2014-3669
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159
• http://linux.oracle.com/errata/ELSA-2014-1767.html
• http://linux.oracle.com/errata/ELSA-2014-1768.html
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
• http://php.net/ChangeLog-5.php
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound
CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
An out-of-bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e
• http://linux.oracle.com/errata/ELSA-2014-1767.html
• http://linux.oracle.com/errata/ELSA-2014-1768.html
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
• http://php.net/ChangeLog-5.php
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read