Description
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
A use-after-free flaw was found in the way PHP handled certain Standard PHP Library (SPL) Iterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory.
Statement
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
OpenShift Enterprise 1 | php | Will not fix | | |
Red Hat Enterprise Linux 5 | php | Not affected | | |
Red Hat OpenShift Enterprise 2 | php | Will not fix | | |
Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2014:1326 | 30.09.2014 |
Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2014:1326 | 30.09.2014 |
Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1327 | 30.09.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Additional information
Status:
2.1 Low
CVSS2
Related vulnerabilities
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
A vulnerability in PHP software that allows an attacker to compromise the confidentiality, integrity and availability of protected information
2.1 Low
CVSS2