CVE-2014-3515

Priority
Description
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly
anticipates that certain data structures will have the array data type
after unserialization, which allows remote attackers to execute arbitrary
code via a crafted string that triggers use of a Hashtable destructor,
related to "type confusion" issues in (1) ArrayObject and (2)
SPLObjectStorage.
Assigned-to
mdeslaur
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needed
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.3)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab
More Information

Updated: 2019-12-05 18:37:29 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)