Vulnerability-Lookup

CVE-2014-3669 (GCVE-0-2014-3669)

Vulnerability from cvelistv5 – Published: 2014-10-29 10:00 – Updated: 2024-08-06 10:50

Summary

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2014-1824.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/59967	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-1767.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2391-1	vendor-advisoryx_refsource_UBUNTU
	https://support.apple.com/HT204659	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/61982	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/61763	third-party-advisoryx_refsource_SECUNIA
	http://linux.oracle.com/errata/ELSA-2014-1767.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1766.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2014/dsa-3064	vendor-advisoryx_refsource_DEBIAN
	http://linux.oracle.com/errata/ELSA-2014-1768.html	x_refsource_CONFIRM
	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://php.net/ChangeLog-5.php	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1154500	x_refsource_CONFIRM
	https://bugs.php.net/bug.php?id=68044	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/70611	vdb-entryx_refsource_BID
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/61970	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-1765.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2014-1768.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/60699	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/60630	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
          },
          {
            "name": "59967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59967"
          },
          {
            "name": "openSUSE-SU-2014:1391",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
          },
          {
            "name": "RHSA-2014:1767",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
          },
          {
            "name": "USN-2391-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2391-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "openSUSE-SU-2014:1377",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
          },
          {
            "name": "61982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61982"
          },
          {
            "name": "61763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
          },
          {
            "name": "RHSA-2014:1766",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
          },
          {
            "name": "DSA-3064",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=68044"
          },
          {
            "name": "70611",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70611"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "61970",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61970"
          },
          {
            "name": "openSUSE-SU-2015:0014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
          },
          {
            "name": "RHSA-2014:1765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
          },
          {
            "name": "RHSA-2014:1768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
          },
          {
            "name": "60699",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60699"
          },
          {
            "name": "60630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60630"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
        },
        {
          "name": "59967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59967"
        },
        {
          "name": "openSUSE-SU-2014:1391",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
        },
        {
          "name": "RHSA-2014:1767",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
        },
        {
          "name": "USN-2391-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2391-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "name": "openSUSE-SU-2014:1377",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
        },
        {
          "name": "61982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61982"
        },
        {
          "name": "61763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
        },
        {
          "name": "RHSA-2014:1766",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
        },
        {
          "name": "DSA-3064",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-5.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=68044"
        },
        {
          "name": "70611",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70611"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "name": "61970",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61970"
        },
        {
          "name": "openSUSE-SU-2015:0014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
        },
        {
          "name": "RHSA-2014:1765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
        },
        {
          "name": "RHSA-2014:1768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
        },
        {
          "name": "60699",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60699"
        },
        {
          "name": "60630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60630"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:1824",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
            },
            {
              "name": "59967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59967"
            },
            {
              "name": "openSUSE-SU-2014:1391",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
            },
            {
              "name": "RHSA-2014:1767",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
            },
            {
              "name": "USN-2391-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2391-1"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "openSUSE-SU-2014:1377",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
            },
            {
              "name": "61982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61982"
            },
            {
              "name": "61763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61763"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
            },
            {
              "name": "RHSA-2014:1766",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "DSA-3064",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3064"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
            },
            {
              "name": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159",
              "refsource": "CONFIRM",
              "url": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=68044",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=68044"
            },
            {
              "name": "70611",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70611"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "61970",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61970"
            },
            {
              "name": "openSUSE-SU-2015:0014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
            },
            {
              "name": "RHSA-2014:1765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "RHSA-2014:1768",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
            },
            {
              "name": "60699",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60699"
            },
            {
              "name": "60630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60630"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3669",
    "datePublished": "2014-10-29T10:00:00.000Z",
    "dateReserved": "2014-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:50:18.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2015-AVI-139

Vulnerability from certfr_avis - Published: 2015-04-09 - Updated: 2015-04-09

De multiples vulnérabilités ont été corrigées dans Apple Macintosh OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.g

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Macintosh OS X

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple Macintosh OS X\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
    },
    {
      "name": "CVE-2015-1134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1134"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2014-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
    },
    {
      "name": "CVE-2015-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1132"
    },
    {
      "name": "CVE-2014-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2014-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0118"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1131"
    },
    {
      "name": "CVE-2014-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
    },
    {
      "name": "CVE-2015-1136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1136"
    },
    {
      "name": "CVE-2015-1144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1144"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2014-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
    },
    {
      "name": "CVE-2014-5120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5120"
    },
    {
      "name": "CVE-2015-1146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1146"
    },
    {
      "name": "CVE-2014-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3538"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1141"
    },
    {
      "name": "CVE-2014-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
    },
    {
      "name": "CVE-2014-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0117"
    },
    {
      "name": "CVE-2014-4405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2015-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1137"
    },
    {
      "name": "CVE-2014-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2497"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1133"
    },
    {
      "name": "CVE-2014-4404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
    },
    {
      "name": "CVE-2014-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2013-5704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5704"
    },
    {
      "name": "CVE-2014-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0231"
    },
    {
      "name": "CVE-2014-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4670"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1138"
    },
    {
      "name": "CVE-2014-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
    },
    {
      "name": "CVE-2015-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1145"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
    },
    {
      "name": "CVE-2014-3478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1140"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-1546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1546"
    },
    {
      "name": "CVE-2014-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4698"
    },
    {
      "name": "CVE-2014-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
    },
    {
      "name": "CVE-2015-1143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1143"
    },
    {
      "name": "CVE-2015-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2014-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
    },
    {
      "name": "CVE-2014-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3587"
    },
    {
      "name": "CVE-2015-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1135"
    },
    {
      "name": "CVE-2014-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
    },
    {
      "name": "CVE-2014-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
    },
    {
      "name": "CVE-2014-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3597"
    },
    {
      "name": "CVE-2014-3523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3523"
    }
  ],
  "initial_release_date": "2015-04-09T00:00:00",
  "last_revision_date": "2015-04-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09    avril 2015",
      "url": "https://support.apple.com/en-us/HT204659"
    }
  ],
  "reference": "CERTFR-2015-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Macintosh OS X\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.g\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Macintosh OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-483

Vulnerability from certfr_avis - Published: 2014-11-14 - Updated: 2014-11-14

De multiples vulnérabilités ont été corrigées dans PHP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité PHP du 13 novembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003e\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
    },
    {
      "name": "CVE-2014-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
    },
    {
      "name": "CVE-2014-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
    },
    {
      "name": "CVE-2014-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
    }
  ],
  "initial_release_date": "2014-11-14T00:00:00",
  "last_revision_date": "2014-11-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-483",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP du 13 novembre 2014",
      "url": "http://php.net/ChangeLog-5.php"
    }
  ]
}

GHSA-H4MF-XGWJ-Q6F7

Vulnerability from github – Published: 2022-05-17 03:11 – Updated: 2025-04-12 12:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3669"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-29T10:55:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.",
  "id": "GHSA-h4mf-xgwj-q6f7",
  "modified": "2025-04-12T12:41:19Z",
  "published": "2022-05-17T03:11:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3669"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=68044"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60630"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60699"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61763"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61970"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61982"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3064"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70611"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2391-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-3669

Vulnerability from fkie_nvd - Published: 2014-10-29 10:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159
secalert@redhat.com	http://linux.oracle.com/errata/ELSA-2014-1767.html
secalert@redhat.com	http://linux.oracle.com/errata/ELSA-2014-1768.html
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
secalert@redhat.com	http://php.net/ChangeLog-5.php
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1765.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1766.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1767.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1768.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1824.html
secalert@redhat.com	http://secunia.com/advisories/59967
secalert@redhat.com	http://secunia.com/advisories/60630
secalert@redhat.com	http://secunia.com/advisories/60699
secalert@redhat.com	http://secunia.com/advisories/61763
secalert@redhat.com	http://secunia.com/advisories/61970
secalert@redhat.com	http://secunia.com/advisories/61982
secalert@redhat.com	http://www.debian.org/security/2014/dsa-3064
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
secalert@redhat.com	http://www.securityfocus.com/bid/70611
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2391-1
secalert@redhat.com	https://bugs.php.net/bug.php?id=68044	Exploit, Patch, Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1154500
secalert@redhat.com	https://support.apple.com/HT204659
af854a3a-2127-422b-91ae-364da2661108	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2014-1767.html
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2014-1768.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://php.net/ChangeLog-5.php
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1765.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1766.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1767.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1768.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1824.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59967
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60630
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60699
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61763
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61970
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61982
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3064
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70611
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2391-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=68044	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1154500
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204659

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.4.0
php	php	5.4.1
php	php	5.4.2
php	php	5.4.3
php	php	5.4.4
php	php	5.4.5
php	php	5.4.6
php	php	5.4.7
php	php	5.4.8
php	php	5.4.9
php	php	5.4.10
php	php	5.4.11
php	php	5.4.12
php	php	5.4.12
php	php	5.4.12
php	php	5.4.13
php	php	5.4.13
php	php	5.4.14
php	php	5.4.14
php	php	5.4.15
php	php	5.4.16
php	php	5.4.17
php	php	5.4.18
php	php	5.4.19
php	php	5.4.20
php	php	5.4.21
php	php	5.4.22
php	php	5.4.23
php	php	5.4.24
php	php	5.4.25
php	php	5.4.26
php	php	5.4.27
php	php	5.4.28
php	php	5.4.29
php	php	5.4.30
php	php	5.4.31
php	php	5.4.32
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.1
php	php	5.5.2
php	php	5.5.3
php	php	5.5.4
php	php	5.5.5
php	php	5.5.6
php	php	5.5.7
php	php	5.5.8
php	php	5.5.9
php	php	5.5.10
php	php	5.5.11
php	php	5.5.12
php	php	5.5.13
php	php	5.5.14
php	php	5.5.15
php	php	5.5.16
php	php	5.5.17
php	php	5.6.0
php	php	5.6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "324E4135-7908-46DF-A34B-5665D28C8999",
              "versionEndIncluding": "5.4.33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DBD9E7B-1237-47A8-8A07-5CC5246A9C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2BB41E-2096-4291-B0ED-06825FDFE8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BA94F7-1AF9-415C-AC21-30BC25C74C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A739A0-698A-422B-886B-430A79F6E945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "086E0D24-A43E-4CEA-9FB0-FE193B88CC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8D0963-8CA5-4814-9B6D-4E1C3907737B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A4B7E0-C872-4E53-AD72-1BB2755E4FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECCD553-53D5-485E-8C21-E2A5070833B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "95357C79-A754-4E0C-B65B-0FA241962B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "25EAF9A9-F7A1-4AC7-BCFD-769BE0FDB537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74EA8037-7C22-48B3-9FA2-4BFFFFD513D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D1254E-0C72-4958-BA7F-5B818C3ACB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "92994FFC-F362-48AC-9CA8-8EBCAC880C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "21131DF1-1EE5-4C84-B1E0-FA75BC39B344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B23F85D-465B-4176-9798-E78AADE421EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "ADEE52B4-8392-4321-8C00-FABA6270E728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "57D74F58-DB3A-4A70-93CF-B350DB65EF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEE86A0-C3FC-446E-8DF0-4FA32F741E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B670B6-A211-40C6-A8A0-1B0188EF891F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC4776-F3FF-42D8-AC6E-4746987D30BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC16B7-7A45-4BDE-B340-F17D97CA3BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FD7C2E6-9B34-4890-A0D1-39BB8ECA47E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F8F72EC-7431-4B36-89EF-E7593ACFBFEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E9AC84-430D-4FDA-8FFE-B77E17803A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "5238A7AE-D3FD-4465-95D7-F9C8787F9463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B877725-43E7-479E-9FA3-6D2FFE89B620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB33BBC0-9D17-4369-A52D-B4B65150380A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E112B5-12CC-40D5-AA1E-B5FB1ABC831E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B078B1E5-14BD-4004-8384-4656E1063EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BB02F3-99A1-428C-A3C9-614B1277C88D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "42873F3E-55BA-4CF3-BA13-13E49E59C363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C7A829-D27A-401E-A525-3327750A1FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A647D7F-29A9-40CE-9F15-A53D15DDC18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "840EE3AC-5293-4F33-9E2C-96A0A2534B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0FC407-96DB-425E-BB57-7A5BA839C37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3839C81-3DAB-4E1D-9D95-BEFFD491F43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE65D0D4-CB56-4946-AB44-2EF554602A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F13E2D-A8F7-4B74-8D03-7905C81672C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n object_custom en ext/standard/var_unserializer.c en PHP anterior a 5.4.34, 5.5.x anterior a 5.5.18, y 5.6.x anterior a 5.6.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento en la funci\u00f3n unserialize que provoca el calculo de un valor grande de longitud."
    }
  ],
  "id": "CVE-2014-3669",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-29T10:55:03.820",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59967"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60630"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60699"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61763"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61970"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/61982"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3064"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/70611"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2391-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=68044"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2391-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=68044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT204659"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-3669

Vulnerability from fstec - Published: 29.10.2014

Title

Уязвимость функции object_custom интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость функции object_custom (ext/standard/var_unserializer.c) интерпретатора языка программирования PHP связана с ошибками обработки чисел. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Canonical Ltd., Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, PHP Group

Software Name

Ubuntu, Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, PHP

Software Version

14.10 (Ubuntu), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 6 (Debian GNU/Linux), 10.04 (Ubuntu), до 5.4.34 (PHP), от 5.5.0 до 5.5.18 (PHP), от 5.6.0 до 5.6.2 (PHP)

Possible Mitigations

Использование рекомендаций: https://bugs.php.net/bug.php?id=68044 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2014-3669 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3669.xml Для Ubuntu: https://ubuntu.com/security/CVE-2014-3669 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2014-3669

Reference

https://bugs.php.net/bug.php?id=68044 http://php.net/ChangeLog-5.php http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159 https://bugzilla.redhat.com/show_bug.cgi?id=1154500 http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2014-1768.html http://secunia.com/advisories/61982 http://secunia.com/advisories/60699 http://www.ubuntu.com/usn/USN-2391-1 http://rhn.redhat.com/errata/RHSA-2014-1767.html http://linux.oracle.com/errata/ELSA-2014-1767.html http://secunia.com/advisories/60630 http://linux.oracle.com/errata/ELSA-2014-1768.html http://secunia.com/advisories/59967 http://www.debian.org/security/2014/dsa-3064 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html http://rhn.redhat.com/errata/RHSA-2014-1824.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html https://support.apple.com/HT204659 http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/70611

CWE

CWE-189

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.10 (Ubuntu), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 6 (Debian GNU/Linux), 10.04 (Ubuntu), \u0434\u043e 5.4.34 (PHP), \u043e\u0442 5.5.0 \u0434\u043e 5.5.18 (PHP), \u043e\u0442 5.6.0 \u0434\u043e 5.6.2 (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bugs.php.net/bug.php?id=68044\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2014-3669\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3669.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2014-3669\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2014-3669",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2014",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02651",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-3669",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, OpenSUSE Leap, Debian GNU/Linux, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.10 , Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 12.04 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 object_custom \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0435 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0438\u0441\u0435\u043b (CWE-189)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 object_custom (ext/standard/var_unserializer.c) \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0447\u0438\u0441\u0435\u043b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugs.php.net/bug.php?id=68044\nhttp://php.net/ChangeLog-5.php\nhttp://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1154500\nhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html\nhttp://rhn.redhat.com/errata/RHSA-2014-1768.html\nhttp://secunia.com/advisories/61982\nhttp://secunia.com/advisories/60699\nhttp://www.ubuntu.com/usn/USN-2391-1\nhttp://rhn.redhat.com/errata/RHSA-2014-1767.html\nhttp://linux.oracle.com/errata/ELSA-2014-1767.html\nhttp://secunia.com/advisories/60630\nhttp://linux.oracle.com/errata/ELSA-2014-1768.html\nhttp://secunia.com/advisories/59967\nhttp://www.debian.org/security/2014/dsa-3064\nhttp://secunia.com/advisories/61763\nhttp://secunia.com/advisories/61970\nhttp://rhn.redhat.com/errata/RHSA-2014-1766.html\nhttp://rhn.redhat.com/errata/RHSA-2014-1765.html\nhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html\nhttp://rhn.redhat.com/errata/RHSA-2014-1824.html\nhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\nhttps://support.apple.com/HT204659\nhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html\nhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\nhttp://www.securityfocus.com/bid/70611",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-189",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

GSD-2014-3669

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3669

Aliases

CVE-2014-3669

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3669",
    "description": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.",
    "id": "GSD-2014-3669",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-3669.html",
      "https://www.debian.org/security/2014/dsa-3064",
      "https://access.redhat.com/errata/RHSA-2015:0021",
      "https://access.redhat.com/errata/RHSA-2014:1824",
      "https://access.redhat.com/errata/RHSA-2014:1768",
      "https://access.redhat.com/errata/RHSA-2014:1767",
      "https://access.redhat.com/errata/RHSA-2014:1766",
      "https://access.redhat.com/errata/RHSA-2014:1765",
      "https://ubuntu.com/security/CVE-2014-3669",
      "https://alas.aws.amazon.com/cve/html/CVE-2014-3669.html",
      "https://linux.oracle.com/cve/CVE-2014-3669.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3669"
      ],
      "details": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.",
      "id": "GSD-2014-3669",
      "modified": "2023-12-13T01:22:53.205471Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-3669",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2014:1824",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
          },
          {
            "name": "59967",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59967"
          },
          {
            "name": "openSUSE-SU-2014:1391",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
          },
          {
            "name": "RHSA-2014:1767",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
          },
          {
            "name": "USN-2391-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2391-1"
          },
          {
            "name": "https://support.apple.com/HT204659",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "openSUSE-SU-2014:1377",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
          },
          {
            "name": "61982",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61982"
          },
          {
            "name": "61763",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61763"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
          },
          {
            "name": "RHSA-2014:1766",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
          },
          {
            "name": "DSA-3064",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2014/dsa-3064"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
          },
          {
            "name": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159",
            "refsource": "CONFIRM",
            "url": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "http://php.net/ChangeLog-5.php",
            "refsource": "CONFIRM",
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=68044",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=68044"
          },
          {
            "name": "70611",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/70611"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "61970",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61970"
          },
          {
            "name": "openSUSE-SU-2015:0014",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
          },
          {
            "name": "RHSA-2014:1765",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
          },
          {
            "name": "RHSA-2014:1768",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
          },
          {
            "name": "60699",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60699"
          },
          {
            "name": "60630",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60630"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3669"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=68044",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugs.php.net/bug.php?id=68044"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
            },
            {
              "name": "openSUSE-SU-2014:1377",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
            },
            {
              "name": "RHSA-2014:1768",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
            },
            {
              "name": "61982",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61982"
            },
            {
              "name": "60699",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60699"
            },
            {
              "name": "USN-2391-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2391-1"
            },
            {
              "name": "RHSA-2014:1767",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
            },
            {
              "name": "60630",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60630"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
            },
            {
              "name": "59967",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59967"
            },
            {
              "name": "DSA-3064",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2014/dsa-3064"
            },
            {
              "name": "61763",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61763"
            },
            {
              "name": "61970",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61970"
            },
            {
              "name": "RHSA-2014:1766",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
            },
            {
              "name": "RHSA-2014:1765",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
            },
            {
              "name": "openSUSE-SU-2014:1391",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
            },
            {
              "name": "RHSA-2014:1824",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "openSUSE-SU-2015:0014",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "70611",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/70611"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-01-03T02:59Z",
      "publishedDate": "2014-10-29T10:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3669 (GCVE-0-2014-3669)

CERTFR-2015-AVI-139

Solution

CERTFR-2014-AVI-483

Solution

GHSA-H4MF-XGWJ-Q6F7

FKIE_CVE-2014-3669

CVE-2014-3669

GSD-2014-3669

Tags

Sightings

Nomenclature