The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a HashTable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SplObjectStorage.
https://bugs.php.net/bug.php?id=67492
http://www.securityfocus.com/bid/68237
http://www.php.net/ChangeLog-5.php
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.debian.org/security/2014/dsa-2974
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://support.apple.com/kb/HT6443
http://secunia.com/advisories/60998
http://secunia.com/advisories/59831
http://secunia.com/advisories/59794
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab