
CVE-2014-3669

Published: 29/10/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP prior to 5.4.34, 5.5.x prior to 5.5.18, and 5.6.x prior to 5.6.2 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

Vulnerable Products

php php (all versions)
php php 5.4.0
php php 5.4.1
php php 5.4.2
php php 5.4.3
php php 5.4.4
php php 5.4.5
php php 5.4.6
php php 5.4.7
php php 5.4.8
php php 5.4.9
php php 5.4.10
php php 5.4.11
php php 5.4.12
php php 5.4.13
php php 5.4.14
php php 5.4.15
php php 5.4.16
php php 5.4.17
php php 5.4.18
php php 5.4.19
php php 5.4.20
php php 5.4.21
php php 5.4.22
php php 5.4.23
php php 5.4.24
php php 5.4.25
php php 5.4.26
php php 5.4.27
php php 5.4.28
php php 5.4.29
php php 5.4.30
php php 5.4.31
php php 5.4.32
php php 5.5.0
php php 5.5.1
php php 5.5.2
php php 5.5.3
php php 5.5.4
php php 5.5.5
php php 5.5.6
php php 5.5.7
php php 5.5.8
php php 5.5.9
php php 5.5.10
php php 5.5.11
php php 5.5.12
php php 5.5.13
php php 5.5.14
php php 5.5.15
php php 5.5.16
php php 5.5.17
php php 5.6.0
php php 5.6.1

Vendor Advisories

Synopsis: Important: php security update. Type/Severity: Security Advisory: Important. Topic: Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulne ...
Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new ...
An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash (CVE-2014-3668). An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserializ ...
An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash ...
SecurityCenter is impacted by one vulnerability in PHP that was recently disclosed and fixed. CVE-2014-3669: PHP contains an integer overflow condition in the object_custom() function in ext/standard/var_unserializer.c that is triggered when serializing user-supplied input. With specially crafted input, a remote attacker can cause a crash. Note ...

Recent Articles

Quick PHP patch beats slow research reveal
The Register • Darren Pauli • 23 Oct 2014

Simple solution to remote code execution

Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows. The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer. A patch issued last month for CVE-2014-3669 closed an unserialised function which researcher Symeon Paraschoudis detailed in a technical walk through. "As expected *p pointer (stored in edx) now points to invali...