// For flags

CVE-2014-9705

php: heap buffer overflow in enchant_broker_request_dict()

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Desbordamiento de buffer basado en memoria dinámica en la función enchant_broker_request_dict en ext/enchant/enchant.c en PHP anterior a 5.4.38, 5.5.x anterior a 5.5.22, y 5.6.x anterior a 5.6.6 permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan la creación de múltiples diccionarios.

A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-15 CVE Reserved
  • 2015-03-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (25)
URL Tag Source
http://openwall.com/lists/oss-security/2015/03/15/6 Mailing List
http://php.net/ChangeLog-5.php X_refsource_confirm
http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803 X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html X_refsource_confirm
http://www.securityfocus.com/bid/73031 Vdb Entry
http://www.securitytracker.com/id/1031948 Vdb Entry
https://support.apple.com/HT205267 X_refsource_confirm
URL Date SRC
https://bugs.php.net/bug.php?id=68552 2024-08-06
https://www.htbridge.com/advisory/HTB23252 2024-08-06
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html 2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html 2018-01-05
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html 2018-01-05
http://marc.info/?l=bugtraq&m=143748090628601&w=2 2018-01-05
http://marc.info/?l=bugtraq&m=144050155601375&w=2 2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1053.html 2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1066.html 2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1135.html 2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1218.html 2018-01-05
http://www.debian.org/security/2015/dsa-3195 2018-01-05
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 2018-01-05
http://www.ubuntu.com/usn/USN-2535-1 2018-01-05
https://security.gentoo.org/glsa/201606-10 2018-01-05
https://access.redhat.com/security/cve/CVE-2014-9705 2015-07-09
https://bugzilla.redhat.com/show_bug.cgi?id=1194737 2015-07-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 <= 5.4.37
Search vendor "Php" for product "Php" and version " <= 5.4.37"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha5
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
alpha6
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.0
Search vendor "Php" for product "Php" and version "5.5.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.1
Search vendor "Php" for product "Php" and version "5.5.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.2
Search vendor "Php" for product "Php" and version "5.5.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.3
Search vendor "Php" for product "Php" and version "5.5.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.4
Search vendor "Php" for product "Php" and version "5.5.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.5
Search vendor "Php" for product "Php" and version "5.5.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.6
Search vendor "Php" for product "Php" and version "5.5.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.7
Search vendor "Php" for product "Php" and version "5.5.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.8
Search vendor "Php" for product "Php" and version "5.5.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.9
Search vendor "Php" for product "Php" and version "5.5.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.10
Search vendor "Php" for product "Php" and version "5.5.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.11
Search vendor "Php" for product "Php" and version "5.5.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.12
Search vendor "Php" for product "Php" and version "5.5.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.13
Search vendor "Php" for product "Php" and version "5.5.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.14
Search vendor "Php" for product "Php" and version "5.5.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.15
Search vendor "Php" for product "Php" and version "5.5.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.16
Search vendor "Php" for product "Php" and version "5.5.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.17
Search vendor "Php" for product "Php" and version "5.5.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.18
Search vendor "Php" for product "Php" and version "5.5.18"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.19
Search vendor "Php" for product "Php" and version "5.5.19"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.20
Search vendor "Php" for product "Php" and version "5.5.20"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.5.21
Search vendor "Php" for product "Php" and version "5.5.21"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
alpha5
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.0
Search vendor "Php" for product "Php" and version "5.6.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.1
Search vendor "Php" for product "Php" and version "5.6.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.2
Search vendor "Php" for product "Php" and version "5.6.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.3
Search vendor "Php" for product "Php" and version "5.6.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.4
Search vendor "Php" for product "Php" and version "5.6.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.6.5
Search vendor "Php" for product "Php" and version "5.6.5"
-
Affected