CVE-2014-0238 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
php	php	𝑥 < 5.3.29
php	php	5.4.0 ≤ 𝑥 < 5.4.29
php	php	5.5.0 ≤ 𝑥 < 5.5.13
debian	debian_linux	7.0
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

file

bullseye (security)	1:5.39-3+deb11u1 fixed
bullseye	1:5.39-3+deb11u1 fixed
bookworm	1:5.44-3 fixed
sid	1:5.45-3 fixed
trixie	1:5.45-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

trusty	Fixed 5.5.9+dfsg-1ubuntu4.1 released
saucy	Fixed 5.5.3+dfsg-1ubuntu2.4 released
precise	Fixed 5.3.10-1ubuntu3.12 released
lucid	Fixed 5.3.2-1ubuntu4.25 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/59061

http://secunia.com/advisories/59329

http://secunia.com/advisories/59418

http://secunia.com/advisories/60998

http://support.apple.com/kb/HT6443

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

http://www.debian.org/security/2014/dsa-3021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/67765

https://bugs.php.net/bug.php?id=67327

https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0

https://support.apple.com/HT204659

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/59061

http://secunia.com/advisories/59329

http://secunia.com/advisories/59418

http://secunia.com/advisories/60998

http://support.apple.com/kb/HT6443

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

http://www.debian.org/security/2014/dsa-3021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/67765

https://bugs.php.net/bug.php?id=67327

https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0

https://support.apple.com/HT204659