[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-4670Date: (C)2014-07-24   (M)2024-02-22


Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-54553
SECUNIA-59831
SECUNIA-60696
APPLE-SA-2015-04-08-2
DSA-3008
RHSA-2014:1326
RHSA-2014:1327
RHSA-2014:1765
RHSA-2014:1766
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugs.php.net/bug.php?id=67538
https://support.apple.com/HT204659
openSUSE-SU-2014:0945
openSUSE-SU-2014:1236

CPE    27
cpe:/a:php:php:5.5.13
cpe:/a:php:php:5.5.11
cpe:/a:php:php:5.5.12
cpe:/a:php:php:5.5.10
...
OVAL    15
oval:org.secpod.oval:def:21009
oval:org.secpod.oval:def:1500737
oval:org.secpod.oval:def:203461
oval:org.secpod.oval:def:76853
...

© SecPod Technologies