CVE-2014-4698

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-07-2014 01:06

Last modified: - 19-01-2023 05:35

Total changes: - 2

Description

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.6

Base score

3.9

6.4

Exploitability score

Impact score

Verification logic

Reference

https://bugs.php.net/bug.php?id=67539
59831-Broken Link
openSUSE-SU-2014:0945-Mailing List, Third Party Advisory
RHSA-2014:1327-Third Party Advisory
RHSA-2014:1326-Third Party Advisory
RHSA-2014:1766-Third Party Advisory
RHSA-2014:1765-Third Party Advisory
openSUSE-SU-2014:1236-Mailing List, Third Party Advisory
https://support.apple.com/HT204659
APPLE-SA-2015-04-08-2-Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
54553-Broken Link

Keywords

CVE-2014-4698

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-4698

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures