Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-139
Vulnerability from certfr_avis - Published: 2015-04-09 - Updated: 2015-04-09
De multiples vulnérabilités ont été corrigées dans Apple Macintosh OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.g
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple Macintosh OS X
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApple Macintosh OS X\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
},
{
"name": "CVE-2015-1134",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1134"
},
{
"name": "CVE-2015-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
},
{
"name": "CVE-2014-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
},
{
"name": "CVE-2015-1132",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1132"
},
{
"name": "CVE-2014-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
},
{
"name": "CVE-2015-1545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
},
{
"name": "CVE-2014-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0118"
},
{
"name": "CVE-2014-3571",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
},
{
"name": "CVE-2015-1117",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
},
{
"name": "CVE-2015-1131",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1131"
},
{
"name": "CVE-2014-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
},
{
"name": "CVE-2015-1136",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1136"
},
{
"name": "CVE-2015-1144",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1144"
},
{
"name": "CVE-2015-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
},
{
"name": "CVE-2015-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
},
{
"name": "CVE-2014-4380",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
},
{
"name": "CVE-2014-5120",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5120"
},
{
"name": "CVE-2015-1146",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1146"
},
{
"name": "CVE-2014-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3538"
},
{
"name": "CVE-2015-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
},
{
"name": "CVE-2015-1141",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1141"
},
{
"name": "CVE-2014-0237",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
},
{
"name": "CVE-2014-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0117"
},
{
"name": "CVE-2014-4405",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
},
{
"name": "CVE-2015-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2015-1137",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1137"
},
{
"name": "CVE-2014-2497",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2497"
},
{
"name": "CVE-2015-1091",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
},
{
"name": "CVE-2015-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
},
{
"name": "CVE-2015-1133",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1133"
},
{
"name": "CVE-2014-4404",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
},
{
"name": "CVE-2014-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
},
{
"name": "CVE-2015-1088",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
},
{
"name": "CVE-2013-5704",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5704"
},
{
"name": "CVE-2014-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0231"
},
{
"name": "CVE-2014-4670",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4670"
},
{
"name": "CVE-2015-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
},
{
"name": "CVE-2015-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1138"
},
{
"name": "CVE-2014-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
},
{
"name": "CVE-2015-1145",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1145"
},
{
"name": "CVE-2015-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
},
{
"name": "CVE-2014-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
},
{
"name": "CVE-2014-3478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
},
{
"name": "CVE-2015-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
},
{
"name": "CVE-2015-1140",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1140"
},
{
"name": "CVE-2015-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
},
{
"name": "CVE-2014-8275",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
},
{
"name": "CVE-2015-1546",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1546"
},
{
"name": "CVE-2014-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4698"
},
{
"name": "CVE-2014-3668",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
},
{
"name": "CVE-2015-1143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1143"
},
{
"name": "CVE-2015-1130",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"
},
{
"name": "CVE-2013-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
},
{
"name": "CVE-2014-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
},
{
"name": "CVE-2014-3569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
},
{
"name": "CVE-2014-3670",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
},
{
"name": "CVE-2014-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3587"
},
{
"name": "CVE-2015-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1135"
},
{
"name": "CVE-2014-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
},
{
"name": "CVE-2014-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
},
{
"name": "CVE-2014-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3597"
},
{
"name": "CVE-2014-3523",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3523"
}
],
"initial_release_date": "2015-04-09T00:00:00",
"last_revision_date": "2015-04-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
"url": "https://support.apple.com/en-us/HT204659"
}
],
"reference": "CERTFR-2015-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Macintosh OS X\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.g\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Macintosh OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
"url": null
}
]
}
CVE-2014-3597 (GCVE-0-2014-3597)
Vulnerability from cvelistv5 – Published: 2014-08-23 01:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public
2014-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "60609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60609"
},
{
"name": "USN-2344-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2344-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "openSUSE-SU-2014:1245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=67717"
},
{
"name": "RHSA-2014:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69322"
},
{
"name": "DSA-3008",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3597"
},
{
"name": "60696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60696"
},
{
"name": "openSUSE-SU-2014:1133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "60609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60609"
},
{
"name": "USN-2344-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2344-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "openSUSE-SU-2014:1245",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=67717"
},
{
"name": "RHSA-2014:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69322"
},
{
"name": "DSA-3008",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3597"
},
{
"name": "60696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60696"
},
{
"name": "openSUSE-SU-2014:1133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "60609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60609"
},
{
"name": "USN-2344-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2344-1"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "openSUSE-SU-2014:1245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html"
},
{
"name": "https://bugs.php.net/bug.php?id=67717",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67717"
},
{
"name": "RHSA-2014:1326",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69322"
},
{
"name": "DSA-3008",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3597",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3597"
},
{
"name": "60696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60696"
},
{
"name": "openSUSE-SU-2014:1133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3597",
"datePublished": "2014-08-23T01:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3668 (GCVE-0-2014-3668)
Vulnerability from cvelistv5 – Published: 2014-10-29 10:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2014-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=68027"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "70666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=68027"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "70666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "https://bugs.php.net/bug.php?id=68027",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68027"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "70666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70666"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503"
},
{
"name": "openSUSE-SU-2015:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3668",
"datePublished": "2014-10-29T10:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3669 (GCVE-0-2014-3669)
Vulnerability from cvelistv5 – Published: 2014-10-29 10:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2014-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=68044"
},
{
"name": "70611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70611"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=68044"
},
{
"name": "70611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70611"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1824",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=56754a7f9eba0e4f559b6ca081d9f2a447b3f159"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154500"
},
{
"name": "https://bugs.php.net/bug.php?id=68044",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68044"
},
{
"name": "70611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70611"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3669",
"datePublished": "2014-10-29T10:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3670 (GCVE-0-2014-3670)
Vulnerability from cvelistv5 – Published: 2014-10-29 10:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2014-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b"
},
{
"name": "RHSA-2014:1824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "70665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70665"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154502"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=68113"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ddb207e7fa2e9adeba021a1303c3781efda5409b"
},
{
"name": "RHSA-2014:1824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "70665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70665"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154502"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=68113"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b"
},
{
"name": "RHSA-2014:1824",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1824.html"
},
{
"name": "59967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59967"
},
{
"name": "openSUSE-SU-2014:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "openSUSE-SU-2014:1377",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "DSA-3064",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3064"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "openSUSE-SU-2015:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "70665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70665"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154502",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154502"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "https://bugs.php.net/bug.php?id=68113",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68113"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3670",
"datePublished": "2014-10-29T10:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3710 (GCVE-0-2014-3710)
Vulnerability from cvelistv5 – Published: 2014-11-05 11:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public
2014-10-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=68283"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"
},
{
"name": "62347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62347"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "FreeBSD-SA-14:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "DSA-3072",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3072"
},
{
"name": "RHSA-2016:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "USN-2494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "1031344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "openSUSE-SU-2014:1516",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "GLSA-201701-42",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-42"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "GLSA-201503-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-03"
},
{
"name": "70807",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70807"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"
},
{
"name": "62559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=68283"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"
},
{
"name": "62347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62347"
},
{
"name": "RHSA-2014:1767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "61982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "61763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "FreeBSD-SA-14:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "DSA-3072",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3072"
},
{
"name": "RHSA-2016:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "USN-2494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61970"
},
{
"name": "1031344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "openSUSE-SU-2014:1516",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"
},
{
"name": "RHSA-2014:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "GLSA-201701-42",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-42"
},
{
"name": "60699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60699"
},
{
"name": "GLSA-201503-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-03"
},
{
"name": "70807",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70807"
},
{
"name": "60630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"
},
{
"name": "62559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=68283",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68283"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d"
},
{
"name": "62347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62347"
},
{
"name": "RHSA-2014:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"
},
{
"name": "USN-2391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2391-1"
},
{
"name": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "61982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61982"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "61763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61763"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "FreeBSD-SA-14:28",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"
},
{
"name": "DSA-3072",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3072"
},
{
"name": "RHSA-2016:0760",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "USN-2494-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "61970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61970"
},
{
"name": "1031344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031344"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "openSUSE-SU-2014:1516",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"
},
{
"name": "RHSA-2014:1768",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"
},
{
"name": "GLSA-201701-42",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-42"
},
{
"name": "60699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60699"
},
{
"name": "GLSA-201503-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-03"
},
{
"name": "70807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70807"
},
{
"name": "60630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60630"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"
},
{
"name": "62559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3710",
"datePublished": "2014-11-05T11:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4049 (GCVE-0-2014-4049)
Vulnerability from cvelistv5 – Published: 2014-06-18 19:00 – Updated: 2024-08-06 11:04
VLAI
EPSS
Summary
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
25 references
Date Public
2014-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59329"
},
{
"name": "SUSE-SU-2014:0868",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html"
},
{
"name": "59418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "59496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59496"
},
{
"name": "1030435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030435"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "59652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59652"
},
{
"name": "68007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68007"
},
{
"name": "59513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59513"
},
{
"name": "HPSBUX03102",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "SUSE-SU-2014:0869",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html"
},
{
"name": "60998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60998"
},
{
"name": "59270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59270"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "openSUSE-SU-2014:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447"
},
{
"name": "DSA-2961",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468"
},
{
"name": "[oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/4"
},
{
"name": "openSUSE-SU-2014:0942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-27T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59329"
},
{
"name": "SUSE-SU-2014:0868",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html"
},
{
"name": "59418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "59496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59496"
},
{
"name": "1030435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030435"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "59652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59652"
},
{
"name": "68007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68007"
},
{
"name": "59513",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59513"
},
{
"name": "HPSBUX03102",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "SUSE-SU-2014:0869",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html"
},
{
"name": "60998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60998"
},
{
"name": "59270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59270"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "openSUSE-SU-2014:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447"
},
{
"name": "DSA-2961",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468"
},
{
"name": "[oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/4"
},
{
"name": "openSUSE-SU-2014:0942",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59329"
},
{
"name": "SUSE-SU-2014:0868",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html"
},
{
"name": "59418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59418"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "59496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59496"
},
{
"name": "1030435",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030435"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "59652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59652"
},
{
"name": "68007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68007"
},
{
"name": "59513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59513"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "SUSE-SU-2014:0869",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html"
},
{
"name": "60998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60998"
},
{
"name": "59270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59270"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "openSUSE-SU-2014:0841",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108447"
},
{
"name": "DSA-2961",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2961"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468"
},
{
"name": "[oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/4"
},
{
"name": "openSUSE-SU-2014:0942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4049",
"datePublished": "2014-06-18T19:00:00.000Z",
"dateReserved": "2014-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:28.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4380 (GCVE-0-2014-4380)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2024-08-06 11:12
VLAI
EPSS
Summary
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204659 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.apple.com/kb/HT6441 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1030866 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/69942 | vdb-entryx_refsource_BID |
| http://support.apple.com/kb/HT6442 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/69882 | vdb-entryx_refsource_BID |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/kb/HT6535 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
Date Public
2014-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "appleios-cve20144380-code-exec(96110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel\u0027s context via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "appleios-cve20144380-code-exec(96110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel\u0027s context via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "appleios-cve20144380-code-exec(96110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96110"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69942"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4380",
"datePublished": "2014-09-18T10:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:12:35.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4404 (GCVE-0-2014-4404)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2025-10-22 00:05
VLAI
EPSS
Summary
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204659 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT6441 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1030866 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/69947 | vdb-entryx_refsource_BID |
| http://support.apple.com/kb/HT6442 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/69882 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/kb/HT6535 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Date Public
2014-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69947"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144404-bo(96111)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96111"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-4404",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:50:46.758062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-02-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4404"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:36.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4404"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-02-10T00:00:00.000Z",
"value": "CVE-2014-4404 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69947"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144404-bo(96111)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96111"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69947"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144404-bo(96111)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96111"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4404",
"datePublished": "2014-09-18T10:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:36.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4405 (GCVE-0-2014-4405)
Vulnerability from cvelistv5 – Published: 2014-09-18 10:00 – Updated: 2024-08-06 11:12
VLAI
EPSS
Summary
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204659 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT6441 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1030866 | vdb-entryx_refsource_SECTRACK |
| http://support.apple.com/kb/HT6442 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/69882 | vdb-entryx_refsource_BID |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/69938 | vdb-entryx_refsource_BID |
| https://support.apple.com/kb/HT6535 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_APPLE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "appleios-cve20144405-code-exec(96109)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "appleios-cve20144405-code-exec(96109)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "69938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69938"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "appleios-cve20144405-code-exec(96109)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4405",
"datePublished": "2014-09-18T10:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:12:35.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4670 (GCVE-0-2014-4670)
Vulnerability from cvelistv5 – Published: 2014-07-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
Summary
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2014-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=67538"
},
{
"name": "54553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54553"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "RHSA-2014:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "openSUSE-SU-2014:0945",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html"
},
{
"name": "DSA-3008",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "60696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60696"
},
{
"name": "59831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=67538"
},
{
"name": "54553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54553"
},
{
"name": "RHSA-2014:1766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "RHSA-2014:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "openSUSE-SU-2014:0945",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html"
},
{
"name": "DSA-3008",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "60696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60696"
},
{
"name": "59831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "https://bugs.php.net/bug.php?id=67538",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67538"
},
{
"name": "54553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54553"
},
{
"name": "RHSA-2014:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
},
{
"name": "RHSA-2014:1326",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1326.html"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "openSUSE-SU-2014:0945",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html"
},
{
"name": "DSA-3008",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3008"
},
{
"name": "RHSA-2014:1327",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1327.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "60696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60696"
},
{
"name": "59831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4670",
"datePublished": "2014-07-10T10:00:00.000Z",
"dateReserved": "2014-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…