Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9705

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9705
Last Modified 09 Oct 2015 10:00:06
Published 30 Mar 2015 06:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9705

Summary

Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Vulnerable Systems

Application

  • Php 5.4.37

  • Php 5.5.0

  • Php 5.5.1

  • Php 5.5.10

  • Php 5.5.11

  • Php 5.5.12

  • Php 5.5.13

  • Php 5.5.14

  • Php 5.5.15

  • Php 5.5.16

  • Php 5.5.17

  • Php 5.5.18

  • Php 5.5.19

  • Php 5.5.2

  • Php 5.5.20

  • Php 5.5.21

  • Php 5.5.3

  • Php 5.5.4

  • Php 5.5.5

  • Php 5.5.6

  • Php 5.5.7

  • Php 5.5.8

  • Php 5.5.9

  • Php 5.6.0

  • Php 5.6.1

  • Php 5.6.2

  • Php 5.6.3

  • Php 5.6.4

  • Php 5.6.5


References

MISC - https://www.htbridge.com/advisory/HTB23252

CONFIRM - https://bugs.php.net/bug.php?id=68552

CONFIRM - http://php.net/ChangeLog-5.php

MLIST - [oss-security] 20150315 Re: CVE Request: PHP 5.6.6 changelog

UBUNTU - USN-2535-1

DEBIAN - DSA-3195

SUSE - openSUSE-SU-2015:0644

MANDRIVA - MDVSA-2015:079

SECTRACK - 1031948

CONFIRM - http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803

CONFIRM - https://support.apple.com/HT205267

APPLE - APPLE-SA-2015-09-30-3


Last Updated: 27 May 2016 11:10:02