Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-3669

Опубликовано: 29 окт. 2014
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5

Описание

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

РелизСтатусПримечание
devel

released

5.5.12+dfsg-2ubuntu5
esm-infra-legacy/trusty

not-affected

5.5.9+dfsg-1ubuntu4.5
lucid

released

5.3.2-1ubuntu4.28
precise

released

5.3.10-1ubuntu3.15
trusty

released

5.5.9+dfsg-1ubuntu4.5
trusty/esm

not-affected

5.5.9+dfsg-1ubuntu4.5
upstream

released

5.4.34, 5.5.18, 5.6.1
utopic

released

5.5.12+dfsg-2ubuntu4.1

Показывать по

Ссылки на источники

7.5 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2014-3669

redhat
почти 11 лет назад

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

nvd логотип

CVE-2014-3669

nvd
больше 10 лет назад

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

debian логотип

CVE-2014-3669

debian
больше 10 лет назад

Integer overflow in the object_custom function in ext/standard/var_uns ...

github логотип

GHSA-h4mf-xgwj-q6f7

github
около 3 лет назад

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

fstec логотип

BDU:2022-02651

CVSS3: 7.3
fstec
больше 10 лет назад

Уязвимость функции object_custom интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

7.5 High

CVSS2