CVE-2014-9425
9.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.066 Low
EPSS
Percentile
93.7%
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php:php | php | le | 5.5.20 |
| php:php | php | le | 5.6.4 |
| apple:mac_os_x | apple mac os x | le | 10.10.5 |
References
advisories.mageia.org/MGASA-2015-0040.html
git.php.net/?p=php-src.git%3Ba=commit%3Bh=24125f0f26f3787c006e4a51611ba33ee3b841cb
git.php.net/?p=php-src.git%3Ba=commit%3Bh=2bcf69d073190e4f032d883f3416dea1b027a39e
git.php.net/?p=php-src.git%3Ba=commit%3Bh=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
openwall.com/lists/oss-security/2014/12/29/6
rhn.redhat.com/errata/RHSA-2015-1218.html
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
www.securityfocus.com/bid/71800
bugs.php.net/bug.php?id=68676
security.gentoo.org/glsa/201503-03
support.apple.com/HT205267
Social References
More
Related
9.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.066 Low
EPSS
Percentile
93.7%