CVE-2014-3669
published 2014-10-29CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
28.86%
97.9th percentile
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Affected
56 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| php | php | <= 5.4.33 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor calls to PHP's unserialize() function with untrusted/remote-supplied input, particularly serialized payloads that encode custom objects with abnormally large length values, which trigger the integer overflow in object_custom(). ↗
- →The vulnerability is significantly more exploitable on 32-bit PHP installations; prioritize detection and patching on 32-bit systems where pointer arithmetic overflow is far more likely. ↗
- ·This vulnerability only affects 32-bit PHP installations; 64-bit deployments are not impacted in practice. ↗
- ·Exploitation requires that the application passes untrusted/remote-supplied data directly to PHP's unserialize() function. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h4mf-xgwj-q6f7: Integer overflow in the object_custom function in ext/standard/var_unserializer
ghsa_unreviewed·2022-05-17
CVE-2014-3669 [HIGH] GHSA-h4mf-xgwj-q6f7: Integer overflow in the object_custom function in ext/standard/var_unserializer
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
OSV
php5 vulnerabilities
osv·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
php5 vulnerabilities
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
extension. A remote attacker could possibly use this issue to cau
OSV
CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer
osv·2014-10-29·CVSS 7.5
CVE-2014-3669 [HIGH] CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Ubuntu
php5 vulnerabilities
vendor_ubuntu·2014-10-30·CVSS 5.0
CVE-2014-3668 [MEDIUM] php5 vulnerabilities
Title: php5 vulnerabilities
Summary: Several security issues were fixed in PHP.
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime
function. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo
exten
Red Hat
php: integer overflow in unserialize()
vendor_redhat·2014-09-18·CVSS 7.5
CVE-2014-3669 [HIGH] CWE-190 php: integer overflow in unserialize()
php: integer overflow in unserialize()
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.
Apple
CVE-2014-3669: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 7.5
CVE-2014-3669 [HIGH] CVE-2014-3669: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-3669
Component: CVE-2014-3669
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3669 php: integer overflow in unserialize()
bugzilla·2014-10-20·CVSS 7.5
CVE-2014-3669 [HIGH] CVE-2014-3669 php: integer overflow in unserialize()
CVE-2014-3669 php: integer overflow in unserialize()
An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure. It is not clear if code execution is possible or not.
It was reported that this issue only affects 32-bit systems. It has been fixed in upstream versions 5.4.34, 5.5.18, and 5.6.2.
References:
http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159
https://bugs.php.net/bug.php?id=68044
http://php.net/ChangeLog-5.php
Discussion:
5.5.18 is already in Fedora testing, so no Fedora trackers for this (or bug 1154502 and bug 1154503)
---
(In reply to Murray McAllister from comment #0)
> It was reported that this issue only
Tenable
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
blogs_tenable·2014-11-05
[R3] SecurityCenter 4.8.2 Fixes Third-party Library Vulnerability
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159http://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1824.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70611http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68044https://bugzilla.redhat.com/show_bug.cgi?id=1154500https://support.apple.com/HT204659http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159http://linux.oracle.com/errata/ELSA-2014-1767.htmlhttp://linux.oracle.com/errata/ELSA-2014-1768.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00034.htmlhttp://lists.opensuse.org/opensuse-updates/2015-01/msg00006.htmlhttp://php.net/ChangeLog-5.phphttp://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1767.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1768.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1824.htmlhttp://secunia.com/advisories/59967http://secunia.com/advisories/60630http://secunia.com/advisories/60699http://secunia.com/advisories/61763http://secunia.com/advisories/61970http://secunia.com/advisories/61982http://www.debian.org/security/2014/dsa-3064http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.securityfocus.com/bid/70611http://www.ubuntu.com/usn/USN-2391-1https://bugs.php.net/bug.php?id=68044https://bugzilla.redhat.com/show_bug.cgi?id=1154500https://support.apple.com/HT204659
2014-10-29
Published