What is CVE-2014-8142?

CVE-2014-8142 is a vulnerability in Php. Published 2014-12-20.

Is CVE-2014-8142 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Php

CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserial…

EPSS: 0.883 (99.5th percentile) — read the EPSS interpretation.

Affected products

Php — versions 5.5.0, 5.5.1, 5.5.2
N/a — versions n/a

Public proof-of-concept exploits

References

71791 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
HPSBMU03409 (x_refsource_HP, vendor-advisory)
SUSE-SU-2015:0365 (vendor-advisory, x_refsource_SUSE)
HPSBMU03380 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
SSRT102066 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2015:0325 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-8142?: CVE-2014-8142 is a vulnerability in Php. Published 2014-12-20.
Is CVE-2014-8142 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.