F5F5:K16339K16339 : Multiple PHP vulnerabilities CVE-2014-9425, CVE-2014-9426, CVE-2014-9427, CVE-2015-0231, and CVE-2015-0232
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.88 High
EPSS
Percentile
98.4%
Security Advisory Description
Description
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
DISPUTED The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable.
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
Impact
None
Status
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature |
|---|---|---|---|---|
| BIG-IP LTM | None | |||
| 11.0.0 - 11.6.0 | ||||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP AAM | None | 11.4.0 - 11.6.0 | ||
| Not vulnerable | None | |||
| BIG-IP AFM | None | 11.3.0 - 11.6.0 | ||
| Not vulnerable | None | |||
| BIG-IP Analytics | None | 11.0.0 - 11.6.0 | ||
| Not vulnerable | None | |||
| BIG-IP APM | None | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP ASM | None | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP Edge Gateway | ||||
| None | 11.0.0 - 11.3.0 | |||
| 10.1.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP GTM | None | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP Link Controller | None | |||
| 11.0.0 - 11.6.0 | ||||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP PEM | None | |||
| 11.3.0 - 11.6.0 | ||||
| Not vulnerable | None | |||
| BIG-IP PSM | None | 11.0.0 - 11.4.1 | ||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 | ||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| BIG-IP WOM | None | 11.0.0 - 11.3.0 | ||
| 10.0.0 - 10.2.4 | ||||
| Not vulnerable | None | |||
| ARX | None | 6.0.0 - 6.4.0 | ||
| Not vulnerable | None | |||
| Enterprise Manager | None | 3.0.0 - 3.1.1 | ||
| 2.1.0 - 2.3.0 | ||||
| Not vulnerable | None | |||
| FirePass | None | 7.0.0 | ||
| 6.0.0 - 6.1.0 | ||||
| Not vulnerable | None | |||
| BIG-IQ Cloud | None | |||
| 4.0.0 - 4.5.0 | ||||
| Not vulnerable | None | |||
| BIG-IQ Device | None | |||
| 4.2.0 - 4.5.0 | ||||
| Not vulnerable | None | |||
| BIG-IQ Security | None | |||
| 4.0.0 - 4.5.0 | ||||
| Not vulnerable | None | |||
| BIG-IQ ADC | None | |||
| 4.5.0 | ||||
| Not vulnerable | None | |||
| LineRate | None | |||
| 2.2.0 - 2.5.0 | ||||
| 1.6.0 - 1.6.4 | ||||
| Not vulnerable | None | |||
| F5 WebSafe | None | |||
| 1.0.0 | ||||
| Not vulnerable | None | |||
| Traffix SDC | None | |||
| 3.3.2 - 3.5.1 | ||||
| 4.0.0 - 4.1.0 | ||||
| Not vulnerable | None |
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.
Recommended Action
None
Supplemental Information
Related
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.88 High
EPSS
Percentile
98.4%