CVE-2014-3622 : Use-after-free vulnerability in the add_post

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

Published 2020-02-19 13:15:11

Updated 2020-02-24 22:06:04

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2014-3622

PHP » PHP
Versions from including (>=) 5.6.0 and before (<) 5.6.1
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-3622

Top countries where our scanners detected CVE-2014-3622

Top open port discovered on systems with this issue 80

IPs affected by CVE-2014-3622 1,101

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-3622!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-3622

EPSS FAQ

1.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3622

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2014-3622

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3622

https://bugs.php.net/bug.php?id=68088

PHP :: Bug #68088 :: New Posthandler Potential Illegal efree() vulnerability
Exploit;Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1151423

1151423 – (CVE-2014-3622) CVE-2014-3622 php: post handler potential illegal efree() vulnerability
Issue Tracking;Patch;Third Party Advisory
http://php.net/ChangeLog-5.php

PHP: PHP 5 ChangeLog
Release Notes;Vendor Advisory

CVEs referencing this url