CVE-2014-4670

Severity

46%

Complexity

39%

Confidentiality

106%

CWE-416: Use After Free

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

CWE-416: Use After Free

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 10 years ago

2014-07-10 11:06:00

Last updated 8 years ago

2017-01-07 03:00:00

Affected Software

PHP 5.5.0

5.5.0

PHP 5.5.0 alpha1

5.5.0

PHP 5.5.0 alpha2

5.5.0

PHP 5.5.0 alpha3

5.5.0

PHP 5.5.0 alpha4

5.5.0

PHP 5.5.0 alpha5

5.5.0

PHP 5.5.0 alpha6

5.5.0

PHP 5.5.0 beta1

5.5.0

PHP 5.5.0 beta2

5.5.0

PHP 5.5.0 beta3

5.5.0

PHP 5.5.0 beta4

5.5.0

PHP 5.5.0 release candidate 1

5.5.0

PHP 5.5.0 release candidate 2

5.5.0

PHP 5.5.1

5.5.1

PHP 5.5.2

5.5.2

PHP 5.5.3

5.5.3

PHP 5.5.4

5.5.4

PHP 5.5.5

5.5.5

PHP 5.5.6

5.5.6

PHP 5.5.7

5.5.7

PHP 5.5.8

5.5.8

PHP 5.5.9

5.5.9

PHP 5.5.10

5.5.10

PHP 5.5.11

5.5.11

PHP 5.5.12

5.5.12

PHP 5.5.13

5.5.13

PHP PHP

References

APPLE-SA-2015-04-08-2

openSUSE-SU-2014:0945

openSUSE-SU-2014:1236

RHSA-2014:1326

RHSA-2014:1327

RHSA-2014:1765

RHSA-2014:1766

54553

59831

60696

DSA-3008

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

https://bugs.php.net/bug.php?id=67538

https://support.apple.com/HT204659

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.