CVE-2014-3622 - OpenCVE

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

References

Link	Resource
http://php.net/ChangeLog-5.php	Release Notes Vendor Advisory
https://bugs.php.net/bug.php?id=68088	Exploit Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1151423	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-19T12:46:23

Updated: 2020-02-19T12:46:23

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3622

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-19T13:15:10.510

Modified: 2020-02-24T22:06:04.003

Link: CVE-2014-3622

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP", "versions": [{"status": "affected", "version": "5.6.x before 5.6.1"}]}], "datePublic": "2014-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-19T12:46:23", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151423"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=68088"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3622", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_value": "5.6.x before 5.6.1"}]}}]}, "vendor_name": "PHP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "http://php.net/ChangeLog-5.php", "refsource": "MISC", "url": "http://php.net/ChangeLog-5.php"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151423", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151423"}, {"name": "https://bugs.php.net/bug.php?id=68088", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=68088"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3622", "datePublished": "2020-02-19T12:46:23", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2020-02-19T12:46:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "140FE05E-C57D-4001-9073-0098F2FF129E", "versionEndExcluding": "5.6.1", "versionStartIncluding": "5.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value."}, {"lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada en la funci\u00f3n add_post_var en el componente Posthandler en PHP versiones 5.6.x anteriores a 5.6.1, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario al aprovechar una extensi\u00f3n del filtro de terceros que accede a un determinado valor de ksep."}], "id": "CVE-2014-3622", "lastModified": "2020-02-24T22:06:04.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-19T13:15:10.510", "references": [{"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://php.net/ChangeLog-5.php"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=68088"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151423"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}