CVE-2014-3515
php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
El componente SPL en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14 anticipa incorrectamente que ciertas estructuras de datos tendrán el tipo de datos array después de deserialización, lo que permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada que provoca el uso de un destructor Hashtable, relacionado con problemas de 'confusión de tipos' en (1) ArrayObject y (2) SPLObjectStorage.
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-07-09 CVE Published
- 2024-01-03 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab | X_refsource_confirm | |
| http://secunia.com/advisories/59794 | Third Party Advisory | |
| http://secunia.com/advisories/59831 | Third Party Advisory | |
| http://secunia.com/advisories/60998 | Third Party Advisory | |
| http://support.apple.com/kb/HT6443 | Third Party Advisory |
|
| http://www-01.ibm.com/support/docview.wss?uid=swg21683486 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/68237 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=67492 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html | 2023-11-07 | |
| http://marc.info/?l=bugtraq&m=141017844705317&w=2 | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2023-11-07 | |
| http://www.debian.org/security/2014/dsa-2974 | 2023-11-07 | |
| http://www.php.net/ChangeLog-5.php | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2014-3515 | 2014-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1112154 | 2014-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | < 5.3.29 Search vendor "Php" for product "Php" and version " < 5.3.29" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.4.0 < 5.4.30 Search vendor "Php" for product "Php" and version " >= 5.4.0 < 5.4.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.5.0 < 5.5.14 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.14" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||