This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PHP:CORE-INT-OF-CE
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
PHP Core unserialize Function Integer Overflow
|
Release Date |
2014/11/24
|
Update Number |
2444
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: PHP Core unserialize Function Integer Overflow
This signature detects attempts to exploit a known vulnerability against PHP Core. A successful attack can lead to arbitrary code execution.
Extended Description
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
Affected Products
- Php php 5.4.0
- Php php 5.4.1
- Php php 5.4.10
- Php php 5.4.11
- Php php 5.4.12
- Php php 5.4.13
- Php php 5.4.14
- Php php 5.4.15
- Php php 5.4.16
- Php php 5.4.17
- Php php 5.4.18
- Php php 5.4.19
- Php php 5.4.2
- Php php 5.4.20
- Php php 5.4.21
- Php php 5.4.22
- Php php 5.4.23
- Php php 5.4.24
- Php php 5.4.25
- Php php 5.4.26
- Php php 5.4.27
- Php php 5.4.28
- Php php 5.4.29
- Php php 5.4.3
- Php php 5.4.30
- Php php 5.4.31
- Php php 5.4.32
- Php php 5.4.33
- Php php 5.4.4
- Php php 5.4.5
- Php php 5.4.6
- Php php 5.4.7
- Php php 5.4.8
- Php php 5.4.9
- Php php 5.5.0
- Php php 5.5.1
- Php php 5.5.10
- Php php 5.5.11
- Php php 5.5.12
- Php php 5.5.13
- Php php 5.5.14
- Php php 5.5.15
- Php php 5.5.16
- Php php 5.5.17
- Php php 5.5.2
- Php php 5.5.3
- Php php 5.5.4
- Php php 5.5.5
- Php php 5.5.6
- Php php 5.5.7
- Php php 5.5.8
- Php php 5.5.9
- Php php 5.6.0
- Php php 5.6.1
References