UBUNTU-CVE-2014-3515

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2014-3515

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3515.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-3515

Related

CVE-2014-3515
USN-2276-1

Published

2014-07-09T00:00:00Z

Modified

2014-07-09T00:00:00Z

Summary

[none]

Details

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

References

Affected packages

Ubuntu:14.04:LTS / php5

Package

Name: php5
Purl: pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.3?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.9+dfsg-1ubuntu4.3

Affected versions

5.*

5.5.3+dfsg-1ubuntu2

5.5.3+dfsg-1ubuntu3

5.5.6+dfsg-1ubuntu1

5.5.6+dfsg-1ubuntu2

5.5.8+dfsg-2ubuntu1

5.5.9+dfsg-1ubuntu1

5.5.9+dfsg-1ubuntu2

5.5.9+dfsg-1ubuntu3

5.5.9+dfsg-1ubuntu4

5.5.9+dfsg-1ubuntu4.1

5.5.9+dfsg-1ubuntu4.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "php5-gd": "5.5.9+dfsg-1ubuntu4.3",
            "libphp5-embed": "5.5.9+dfsg-1ubuntu4.3",
            "php5-mysqlnd": "5.5.9+dfsg-1ubuntu4.3",
            "php5-dbg": "5.5.9+dfsg-1ubuntu4.3",
            "php-pear": "5.5.9+dfsg-1ubuntu4.3",
            "php5-cli": "5.5.9+dfsg-1ubuntu4.3",
            "php5-fpm": "5.5.9+dfsg-1ubuntu4.3",
            "php5-pspell": "5.5.9+dfsg-1ubuntu4.3",
            "php5-mysql": "5.5.9+dfsg-1ubuntu4.3",
            "php5-curl": "5.5.9+dfsg-1ubuntu4.3",
            "php5-ldap": "5.5.9+dfsg-1ubuntu4.3",
            "php5-pgsql": "5.5.9+dfsg-1ubuntu4.3",
            "php5-xsl": "5.5.9+dfsg-1ubuntu4.3",
            "php5-readline": "5.5.9+dfsg-1ubuntu4.3",
            "php5-common": "5.5.9+dfsg-1ubuntu4.3",
            "php5-enchant": "5.5.9+dfsg-1ubuntu4.3",
            "php5-dev": "5.5.9+dfsg-1ubuntu4.3",
            "libapache2-mod-php5filter": "5.5.9+dfsg-1ubuntu4.3",
            "php5": "5.5.9+dfsg-1ubuntu4.3",
            "php5-sybase": "5.5.9+dfsg-1ubuntu4.3",
            "php5-gmp": "5.5.9+dfsg-1ubuntu4.3",
            "php5-odbc": "5.5.9+dfsg-1ubuntu4.3",
            "php5-cgi": "5.5.9+dfsg-1ubuntu4.3",
            "php5-recode": "5.5.9+dfsg-1ubuntu4.3",
            "libapache2-mod-php5": "5.5.9+dfsg-1ubuntu4.3",
            "php5-snmp": "5.5.9+dfsg-1ubuntu4.3",
            "php5-sqlite": "5.5.9+dfsg-1ubuntu4.3",
            "php5-intl": "5.5.9+dfsg-1ubuntu4.3",
            "php5-xmlrpc": "5.5.9+dfsg-1ubuntu4.3",
            "php5-tidy": "5.5.9+dfsg-1ubuntu4.3"
        }
    ]
}