CVE-2014-3669

Advisory lineage Upstream: 0 Downstream: 14

Downstream

DLA-94-1 DSA-3064-1 MGASA-2014-0430 OPENSUSE-SU-2024:10290-1 OPENSUSE-SU-2024:10344-1 RHSA-2014:1765

Modified

Published: 29 Oct 2014, 10:00

Last modified:06 Aug 2024, 10:50

Vulnerability Summary

Overall Risk (default)

high

51/100

CVSS Score

7.5 HIGH

v2.0 (nvd)

EPSS Score

55.95% CRITICAL

56% probability -10.62%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

29 Oct 2014, 10:00

Published

Vulnerability first disclosed

06 Aug 2024, 10:50

Last Modified

Vulnerability information updated

Description

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.

CVSS Metrics

v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 55.95%• Percentile: 98%

Techniques & Countermeasures

CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

Unknown•PHP
≤ 5.4.33 | 5.4.0 | 5.4.1 | 5.4.2 | 5.4.3 | 5.4.4 | 5.4.5 | 5.4.6 | 5.4.7 | 5.4.8 | 5.4.9 | 5.4.10 | 5.4.11 | 5.4.12 | 5.4.12:rc1 | 5.4.12:rc2 | 5.4.13 | 5.4.13:rc1 | 5.4.14 | 5.4.14:rc1 | 5.4.15:rc1 | 5.4.16:rc1 | 5.4.17 | 5.4.18 | 5.4.19 | 5.4.20 | 5.4.21 | 5.4.22 | 5.4.23 | 5.4.24 | 5.4.25 | 5.4.26 | 5.4.27 | 5.4.28 | 5.4.29 | 5.4.30 | 5.4.31 | 5.4.32 | 5.5.0 | 5.5.0:alpha1 | 5.5.0:alpha2 | 5.5.0:alpha3 | 5.5.0:alpha4 | 5.5.0:alpha5 | 5.5.0:alpha6 | 5.5.0:beta1 | 5.5.0:beta2 | 5.5.0:beta3 | 5.5.0:beta4 | 5.5.0:rc1 | 5.5.0:rc2 | 5.5.1 | 5.5.2 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6 | 5.5.7 | 5.5.8 | 5.5.9 | 5.5.10 | 5.5.11 | 5.5.12 | 5.5.13 | 5.5.14 | 5.5.15 | 5.5.16 | 5.5.17 | 5.6.0 | 5.6.1