CVE-2014-9427

Published: 03/01/2015 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

sapi/cgi/cgi_main.c in the CGI component in PHP up to and including 5.4.36, 5.5.x up to and including 5.5.20, and 5.6.x up to and including 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote malicious users to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.

Vulnerable Product

php php 5.5.0

php php 5.6.0

php php 4.3.9

php php 4.4.9

php php 3.0

php php 5.2.9

php php 4.0

php php 3.0.5

php php 3.0.11

php php 5.4.12

php php 5.3.10

php php 5.3.27

php php 5.1.5

php php 5.5.19

php php 5.4.15

php php 5.3.6

php php 5.3.9

php php 5.1.2

php php 5.3.1

php php 4.2.0

php php 5.1.1

php php 3.0.1

php php 5.3.18

php php 5.4.19

php php 5.2.14

php php 3.0.2

php php 4.4.4

php php 5.0.0

php php 4.1.0

php php 5.1.6

php php 5.2.16

php php 5.5.1

php php 5.3.24

php php 4.3.4

php php 4.0.4

php php 4.3.0

php php 4.0.5

php php 5.3.15

php php 5.3.8

php php 5.5.5

php php 5.2.7

php php 5.4.34

php php 5.2.2

php php 5.6.4

php php 3.0.8

php php 5.0.5

php php 4.3.6

php php 3.0.13

php php 5.4.14

php php 5.0.1

php php 5.1.4

php php 5.5.14

php php 5.3.14

php php 5.4.17

php php 5.2.5

php php 5.3.25

php php 4.3.7

php php 5.5.7

php php 5.0.4

php php 4.2.2

php php 5.6.2

php php 4.4.2

php php 5.4.35

php php 5.2.12

php php 3.0.7

php php 4.3.2

php php 5.3.20

php php 5.4.22

php php 4.3.11

php php 4.0.0

php php 5.4.11

php php 3.0.6

php php 5.5.12

php php 3.0.17

php php 4.0.7

php php 5.3.21

php php 5.4.10

php php 4.0.2

php php 5.5.6

php php 5.3.22

php php 5.4.2

php php 4.3.3

php php 2.0

php php 5.5.3

php php 4.1.1

php php 5.3.12

php php 3.0.15

php php 3.0.16

php php 5.4.27

php php 5.2.11

php php 5.2.6

php php 5.5.8

php php 5.4.16

php php 5.4.28

php php 5.4.21

php php 5.2.17

php php 5.3.0

php php 4.4.3

php php 5.2.3

php php 5.3.3

php php 5.0.3

php php 5.4.36

php php 5.4.26

php php 5.3.23

php php 3.0.10

php php 5.3.7

php php 3.0.4

php php 4.2.3

php php 5.1.0

php php 4.4.5

php php 5.5.11

php php 5.2.13

php php 5.5.13

php php 5.5.4

php php 5.4.24

php php 2.0b10

php php 5.4.23

php php 4.4.8

php php 5.4.30

php php 4.0.6

php php 5.2.0

php php 5.2.4

php php 5.3.11

php php 4.1.2

php php 5.4.13

php php 5.3.17

php php 5.4.29

php php 5.4.0

php php 5.3.2

php php 5.4.3

php php 5.3.4

php php 5.3.16

php php 4.3.1

php php 5.1.3

php php 3.0.18

php php 4.4.0

php php 5.2.10

php php 4.3.10

php php 5.4.18

php php 4.2.1

php php 5.5.10

php php 5.6.3

php php 4.0.1

php php 1.0

php php 5.3.26

php php 5.0.2

php php 4.4.6

php php 3.0.12

php php 5.4.1

php php 5.2.15

php php 5.3.5

php php 4.4.1

php php 5.2.1

php php 5.3.13

php php 4.0.3

php php 5.5.18

php php 3.0.14

php php 5.4.20

php php 3.0.9

php php 3.0.3

php php 5.3.28

php php 5.4.25

php php 5.3.19

php php 4.3.8

php php 4.3.5

php php 5.5.20

php php 5.5.2

php php 5.2.8

php php 5.5.9

php php 4.4.7

Vendor Advisories

Several security issues were fixed in PHP ...
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allo ...
A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash ...
PHP contains a use-after-free error in the process_nested_data() function in ext/standard/var_unserializer.re. With specially crafted input passed to the unserialize() method, a remote attacker can dereference already freed memory and potentially execute arbitrary code (CVE-2014-8142 / CVE-2015-0231). PHP contains a flaw in the exif_process_unicod ...