CVE-2014-8142 : Detail

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 36991

Publication date : 2015-05-10 22h00 +00:00
Author : Filippo Roncari
EDB Verified : No

Exploit Database EDB-ID : 40414

Publication date : 2016-09-21 22h00 +00:00
Author : SEC Consult
EDB Verified : No

Products Mentioned

Configuraton 0

Php>>Php >> Version To (including) 5.4.35

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.0

Php>>Php >> Version 5.5.1

Php>>Php >> Version 5.5.2

Php>>Php >> Version 5.5.3

Php>>Php >> Version 5.5.4

Php>>Php >> Version 5.5.5

Php>>Php >> Version 5.5.6

Php>>Php >> Version 5.5.7

Php>>Php >> Version 5.5.8

Php>>Php >> Version 5.5.9

Php>>Php >> Version 5.5.10

Php>>Php >> Version 5.5.11

Php>>Php >> Version 5.5.12

Php>>Php >> Version 5.5.13

Php>>Php >> Version 5.5.14

Php>>Php >> Version 5.5.15

Php>>Php >> Version 5.5.16

Php>>Php >> Version 5.5.17

Php>>Php >> Version 5.5.18

Php>>Php >> Version 5.5.19

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.0

Php>>Php >> Version 5.6.1

Php>>Php >> Version 5.6.2

Php>>Php >> Version 5.6.3

References