Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP prior to 5.4.34, 5.5.x prior to 5.5.18, and 5.6.x prior to 5.6.2 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
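The bug class described above is a length check of the form `position + length <= end` that wraps when `length` is attacker-chosen. The following is an added illustration, not PHP's own code: a hypothetical minimal parser for the custom-object record form `C:<namelen>:"<name>":<datalen>:{<data>}` that shows the overflow-prone check beside a hardened one that compares against the bytes remaining instead of forming the sum.

```c
#include <stdint.h>

/* Overflow-prone bounds check, the pattern this CVE describes: pos + len
 * wraps for a large attacker-chosen len and wrongly reports "in bounds". */
int len_ok_overflow_prone(uint32_t pos, uint32_t len, uint32_t total) {
    return pos + len <= total;
}

/* Hardened check: compare len with the bytes remaining after pos, so no
 * addition can wrap. */
int len_ok_hardened(uint32_t pos, uint32_t len, uint32_t total) {
    return pos <= total && len <= total - pos;
}

/* Read the decimal length at buf[*pos] and the ':' after it; rejects a
 * value that would itself wrap uint32_t. Returns 1 on success. */
static int read_len(const char *buf, uint32_t total, uint32_t *pos, uint32_t *out) {
    uint32_t v = 0, digits = 0;
    while (*pos < total && buf[*pos] >= '0' && buf[*pos] <= '9') {
        uint32_t d = (uint32_t)(buf[*pos] - '0');
        if (v > (UINT32_MAX - d) / 10) return 0;
        v = v * 10 + d;
        (*pos)++;
        digits++;
    }
    if (digits == 0 || *pos >= total || buf[*pos] != ':') return 0;
    (*pos)++;
    *out = v;
    return 1;
}

/* Validate a record of the form C:<namelen>:"<name>":<datalen>:{<data>}
 * (hypothetical minimal parser, not PHP's var_unserializer.c) and return
 * the offset of <data>, or -1 if the record is malformed or truncated. */
long custom_object_data_offset(const char *buf, uint32_t total) {
    uint32_t pos = 2, namelen, datalen;
    if (total < 2 || buf[0] != 'C' || buf[1] != ':') return -1;
    if (!read_len(buf, total, &pos, &namelen)) return -1;
    /* "<name>": occupies namelen + 3 bytes; check before touching them */
    if (!len_ok_hardened(pos, namelen, total) || total - pos - namelen < 3) return -1;
    if (buf[pos] != '"' || buf[pos + 1 + namelen] != '"' || buf[pos + 2 + namelen] != ':')
        return -1;
    pos += namelen + 3;
    if (!read_len(buf, total, &pos, &datalen)) return -1;
    /* {<data>} occupies datalen + 2 bytes */
    if (!len_ok_hardened(pos, datalen, total) || total - pos - datalen < 2) return -1;
    if (buf[pos] != '{' || buf[pos + 1 + datalen] != '}') return -1;
    return (long)pos + 1;
}
```

The sample records in the test are constructed; the wrapping check accepts a length of `0xFFFFFFFF` at offset 10 of a 100-byte buffer, while the hardened check and the parser reject it.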
Vulnerable Product |
---|
php php |
php php 5.4.0 |
php php 5.4.1 |
php php 5.4.2 |
php php 5.4.3 |
php php 5.4.4 |
php php 5.4.5 |
php php 5.4.6 |
php php 5.4.7 |
php php 5.4.8 |
php php 5.4.9 |
php php 5.4.10 |
php php 5.4.11 |
php php 5.4.12 |
php php 5.4.13 |
php php 5.4.14 |
php php 5.4.15 |
php php 5.4.16 |
php php 5.4.17 |
php php 5.4.18 |
php php 5.4.19 |
php php 5.4.20 |
php php 5.4.21 |
php php 5.4.22 |
php php 5.4.23 |
php php 5.4.24 |
php php 5.4.25 |
php php 5.4.26 |
php php 5.4.27 |
php php 5.4.28 |
php php 5.4.29 |
php php 5.4.30 |
php php 5.4.31 |
php php 5.4.32 |
php php 5.5.0 |
php php 5.5.1 |
php php 5.5.2 |
php php 5.5.3 |
php php 5.5.4 |
php php 5.5.5 |
php php 5.5.6 |
php php 5.5.7 |
php php 5.5.8 |
php php 5.5.9 |
php php 5.5.10 |
php php 5.5.11 |
php php 5.5.12 |
php php 5.5.13 |
php php 5.5.14 |
php php 5.5.15 |
php php 5.5.16 |
php php 5.5.17 |
php php 5.6.0 |
php php 5.6.1 |
Simple solution to remote code execution
Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows. The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer. A patch issued last month for CVE-2014-3669 closed a flaw in the unserialize function, which researcher Symeon Paraschoudis detailed in a technical walkthrough. "As expected *p pointer (stored in edx) now points to invali...