CVE-2014-9425 — Use After Free in Apple MAC OS X

CWE-416 — Use After Free6 documents5 sources

Severity

7.5HIGHNVD

EPSS

15.5%

top 5.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X PHP Apple OS X EL Capitan V10.11

Timeline

PublishedDec 31

Latest updateMay 14

Description

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDphp/php5.6.0 — 5.6.4+1

▶NVDapple/mac_os_x10.10.5

▶Appleapple/os_x_el_capitan_v10.11

🔴Vulnerability Details

GHSA

GHSA-j29m-6pgw-53qh: Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash↗2022-05-14

▶

📋Vendor Advisories

Red Hat

php: Double-free in zend_ts_hash_graceful_destroy()↗2014-12-30

▶

Apple

CVE-2014-9425: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy() [fedora-all]↗2015-01-05

▶

Bugzilla

CVE-2014-9425 php: Double-free in zend_ts_hash_graceful_destroy()↗2014-12-30

▶