What is CVE-2014-3669?

CVE-2014-3669 is a vulnerability in Php, classified under CWE-189. Published 2014-10-29.

Is CVE-2014-3669 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Php

CVE-2014-3669

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execut…

EPSS: 0.560 (98.1th percentile) — read the EPSS interpretation.

Affected products

Php — versions 5.4.0, 5.4.1, 5.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

RHSA-2014:1824 (x_refsource_REDHAT, vendor-advisory)
59967 (x_refsource_SECUNIA, third-party-advisory)
openSUSE-SU-2014:1391 (vendor-advisory, x_refsource_SUSE)
RHSA-2014:1767 (x_refsource_REDHAT, vendor-advisory)
USN-2391-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2014:1377 (vendor-advisory, x_refsource_SUSE)
61982 (x_refsource_SECUNIA, third-party-advisory)
61763 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-3669?: CVE-2014-3669 is a vulnerability in Php, classified under CWE-189. Published 2014-10-29.
Is CVE-2014-3669 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.