[email protected]NVD:CVE-2014-4698

HistoryJul 10, 2014 - 11:06 a.m.

CVE-2014-4698

2014-07-1011:06:29

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

69.3%

JSON

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.

Affected configurations

Nvd

Node

phpphpRange5.4.0–5.4.32

phpphpRange5.5.0–5.5.15

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.opensuse.org/opensuse-updates/2014-07/msg00035.html

lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

rhn.redhat.com/errata/RHSA-2014-1326.html

rhn.redhat.com/errata/RHSA-2014-1327.html

rhn.redhat.com/errata/RHSA-2014-1765.html

rhn.redhat.com/errata/RHSA-2014-1766.html

secunia.com/advisories/54553

secunia.com/advisories/59831

www-01.ibm.com/support/docview.wss?uid=swg21683486

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

bugs.php.net/bug.php?id=67539

support.apple.com/HT204659

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.003

Percentile

69.3%

JSON

Related for NVD:CVE-2014-4698

prion1 ubuntucve1 cvelist1 cve1 veracode4 kaspersky1 nessus22 openvas14 mageia1 centos2 f52 hackerone1 redhat4 slackware1 oraclelinux3 ubuntu1 securityvulns4 osv3 suse1 rosalinux1