Описание
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.
Отчет
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1013 | 06.08.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
5.1 Medium
CVSS2