
PHP security vulnerabilities
SecurityVulns ID:14172
Threat Level:
Description: Use-after-free in unserialize()
Affected: PHP : PHP 5.6
CVE: CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ext/standard/ in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.)
 CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double free and negative reference index array underflow" results.)
Original document: SLACKWARE, [slackware-security] php (SSA:2014-356-02) (23.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod