Home > Vulnerability Database > CVE-2014-3515

Mend.io Vulnerability Database

CVE-2014-3515

Good to know:

Date: July 9, 2014

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

Language: C

Severity Score

7.3

Related Resources (19)

Url: http://secunia.com/advisories/59831

Url: http://secunia.com/advisories/60998

Url: http://secunia.com/advisories/59794

Url: http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Url: https://access.redhat.com/security/cve/CVE-2014-3515

Url: https://bugs.php.net/bug.php?id=67492

Url: http://www.securityfocus.com/bid/68237

Url: http://support.apple.com/kb/HT6443

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21683486

Url: http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3515

Url: http://rhn.redhat.com/errata/RHSA-2014-1766.html

Url: http://www.php.net/ChangeLog-5.php

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3515

Url: http://rhn.redhat.com/errata/RHSA-2014-1765.html

Url: http://marc.info/?l=bugtraq&m=141017844705317&w=2

Url: http://www.debian.org/security/2014/dsa-2974

Url: http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-3515

Severity Score

7.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 5.4.30,5.5.14

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3515

Good to know:

Date: July 9, 2014

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?