Information security


CVE: CVE-2014-9427
Status: Candidate
Description: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
Severity: High
CVSS score: 7.5
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Phase: Assigned (09.10.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9427
References: CONFIRM : http://advisories.mageia.org/MGASA-2015-0040.html
 CONFIRM : http://git.php.net/?p=php-src.git;a=commit;h=f9ad3...
 CONFIRM : https://bugs.php.net/bug.php?id=68618
 MANDRIVA : MDVSA-2015:032
 SUSE : openSUSE-SU-2015:0325
 SUSE : SUSE-SU-2015:0365
 MLIST : [oss-security] 20141231 Re: CVE Request: PHP: out of bounds read crashes php-cgi
 MLIST : [oss-security] 20141231 Re: CVE Request: PHP: out of bounds read crashes php-cgi
 MLIST : [oss-security] 20150103 Re: CVE Request: PHP: out of bounds read crashes php-cgi
SecurityVulns: Multiple security vulnerabilities in PHP
 Multiple security vulnerabilities in Apple Mac OS X / Mac EFI / OS X Server
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod