CVE-2014-9912

EUVD-2014-9717
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.3.28
phpphp
5.4.0
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.12:rc1
phpphp
5.4.12:rc2
phpphp
5.4.13
phpphp
5.4.13:rc1
phpphp
5.4.14
phpphp
5.4.14:rc1
phpphp
5.4.15
phpphp
5.4.15:rc1
phpphp
5.4.16:rc1
phpphp
5.4.17
phpphp
5.4.18
phpphp
5.4.19
phpphp
5.4.20
phpphp
5.4.21
phpphp
5.4.22
phpphp
5.4.23
phpphp
5.4.24
phpphp
5.4.25
phpphp
5.4.26
phpphp
5.4.27
phpphp
5.4.28
phpphp
5.4.29
phpphp
5.5.0
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
Fixed 5.3.10-1ubuntu3.26
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.21
released
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/11/25/1
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/68549
https://bugs.php.net/bug.php?id=67397
https://bugzilla.redhat.com/show_bug.cgi?id=1383569
http://www.openwall.com/lists/oss-security/2016/11/25/1
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/68549
https://bugs.php.net/bug.php?id=67397
https://bugzilla.redhat.com/show_bug.cgi?id=1383569