CVE-2014-3669
published 2014-10-29

Priority: P3 · 47 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 28.86% (97.9th percentile)
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

Affected

56 ranges · showing 25

Vendor  Product                                              Version range  Fixed in
apple   os_x_yosemite_v10.10.3_and_security_update_2015-004  -              -
php     php                                                  <= 5.4.33      -
php     php                                                  (23 further php/php rows listed without version or fix data)

Detection & IOCs

path: ext/standard/var_unserializer.c
  • Monitor calls to PHP's unserialize() function with untrusted/remote-supplied input, particularly serialized payloads that encode custom objects with abnormally large length values, which trigger the integer overflow in object_custom().
  • The vulnerability is significantly more exploitable on 32-bit PHP installations; prioritize detection and patching on 32-bit systems where pointer arithmetic overflow is far more likely.
  • This vulnerability only affects 32-bit PHP installations; 64-bit deployments are not impacted in practice.
  • Exploitation requires that the application passes untrusted/remote-supplied data directly to PHP's unserialize() function.
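An added pre-filter illustrating the first detection bullet (example code written for this page, not from PHP or the CVE's sources): it scans PHP-serialized input for custom-object tokens (C:) and flags any whose declared data length cannot fit in the remaining input or exceeds an assumed policy cap. The sample payloads and MAX_CUSTOM_LEN are constructed assumptions.

```python
import re

# Heuristic gate for serialized data before it reaches unserialize().
# PHP's custom-object token has the shape  C:<namelen>:"<class>":<datalen>:{<data>}
# object_custom() is where the length calculation overflows, so a declared
# <datalen> that is larger than the bytes actually following it is the signal
# the detection bullet above describes.

MAX_CUSTOM_LEN = 1 << 20  # assumed policy cap: 1 MiB of custom-object data per token

CUSTOM_TOKEN = re.compile(rb'C:(\d+):"([^"]*)":(\d+):\{')


def find_suspicious_custom_objects(payload: bytes, max_len: int = MAX_CUSTOM_LEN):
    """Return a list of (offset, class_name, declared_len, reason) findings."""
    findings = []
    for m in CUSTOM_TOKEN.finditer(payload):
        name_len = int(m.group(1))
        class_name = m.group(2)
        data_len = int(m.group(3))
        remaining = len(payload) - m.end()  # bytes left after the opening brace
        if name_len != len(class_name):
            findings.append((m.start(), class_name, data_len, "class name length mismatch"))
        if data_len > remaining:
            findings.append((m.start(), class_name, data_len, "declared length exceeds remaining input"))
        elif data_len > max_len:
            findings.append((m.start(), class_name, data_len, "declared length exceeds policy cap"))
    return findings


def is_safe_to_unserialize(payload: bytes) -> bool:
    """True when no custom-object token in the payload trips a check."""
    return not find_suspicious_custom_objects(payload)


# Constructed samples: a well-formed ArrayObject and a token whose declared
# length (4000000000) is far larger than the two bytes that follow it.
BENIGN_SAMPLE = b'a:1:{i:0;C:11:"ArrayObject":21:{x:i:0;a:0:{};m:a:0:{}}}'
SUSPICIOUS_SAMPLE = b'C:3:"Foo":4000000000:{}'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(label, "safe" if is_safe_to_unserialize(sample) else find_suspicious_custom_objects(sample))
```

This is a heuristic gate, not a fix: the overflowing calculation lives in object_custom(), so upgrading to the fixed versions listed above is the actual remediation, and the check only reduces exposure for code paths that still feed untrusted data to unserialize().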

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
osv            -        7.5    HIGH      -
vendor_redhat  -        7.5    HIGH      -
vendor_ubuntu  -        5.0    MEDIUM    -