CVE-2014-3515
PHP < 5.3.29 - Remote Code Execution via SPL Type Confusion
Title source: manual
Description
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
References (15)
Various Sources (x_refsource_confirm): http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab
Third Party Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21683486
Third Party Advisory, vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-1766.html
Patch, Vendor Advisory (x_refsource_confirm): https://bugs.php.net/bug.php?id=67492
Mailing List, Third Party Advisory, vendor-advisory (x_refsource_hp): http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory, vendor-advisory (x_refsource_debian): http://www.debian.org/security/2014/dsa-2974
Third Party Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/59794
Vendor Advisory (x_refsource_confirm): http://www.php.net/ChangeLog-5.php
Third Party Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/60998
Third Party Advisory (x_refsource_confirm): http://support.apple.com/kb/HT6443
Third Party Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory, vendor-advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/68237
Third Party Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/59831
Mailing List, Third Party Advisory, vendor-advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Scores
EPSS: 0.4866 (percentile 97.8%)
Details
Status: published
Products (3)
debian/debian_linux 7.0
debian/debian_linux 8.0
php/php < 5.3.29
Published: Jul 09, 2014
Tracked Since: Feb 18, 2026