Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9912

Опубликовано: 08 июн. 2014
Источник: redhat
CVSS3: 6.8
CVSS2: 5.8
EPSS Низкий

Описание

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Software Collectionsrh-php70-phpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1399433php: stack buffer overflow in locale_get_display_name

EPSS

Процентиль: 79%
0.01321
Низкий

6.8 Medium

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9912

CVSS3: 9.8
ubuntu
больше 8 лет назад

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

nvd логотип

CVE-2014-9912

CVSS3: 9.8
nvd
больше 8 лет назад

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

debian логотип

CVE-2014-9912

CVSS3: 9.8
debian
больше 8 лет назад

The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...

github логотип

GHSA-283g-59hf-7q7h

CVSS3: 9.8
github
больше 3 лет назад

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

fstec логотип

BDU:2022-02648

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость функции get_icu_disp_value_src_php интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 79%
0.01321
Низкий

6.8 Medium

CVSS3

5.8 Medium

CVSS2