
PHP has fixed several vulnerabilities allowing remote code execution

PHP developers have released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. The updates fix three vulnerabilities: CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670.

All holes were discovered in September of this year.

The most dangerous of the patched flaws is CVE-2014-3669. It can cause an integer overflow when unserialize() parses specially crafted serialized data. The vulnerability affects only 32-bit systems, but it is dangerous because serialized data often comes from user-controlled channels.

In addition, the updates correct an error involving the injection of a null byte in the cURL library, dynamic memory corruption when the exif_thumbnail() function processes modified data during image processing (CVE-2014-3670), and a buffer overflow in the mkgmtime() function of the XMLRPC module (CVE-2014-3668).
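
For triage across a fleet, the fixed releases named above can be turned into a simple inventory check. The following is an added example, not code from the PHP project or from this article: host names and banners are constructed, and it assumes the upstream version string reflects the patch level (distribution backports may fix an older version number) and that `PHP_INT_SIZE` (4 on 32-bit builds) has been collected per host.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(5, 6): (5, 6, 2), (5, 5): (5, 5, 18), (5, 4): (5, 4, 34)}

# First line of `php -v`, e.g. "PHP 5.4.33 (cli) (built: ...)".
VERSION_RE = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)")


def assess(banner, int_size):
    """Classify one host from its `php -v` banner and PHP_INT_SIZE."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        return {"status": "unparsed", "cves": []}
    version = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article names no fixed release for this branch; do not guess.
        return {"status": "branch-not-listed", "cves": []}
    if version >= fixed:
        return {"status": "patched", "cves": []}
    # Candidates only: exposure also depends on XMLRPC / exif being in use.
    cves = ["CVE-2014-3668", "CVE-2014-3670"]
    if int_size == 4:
        # The unserialize() integer overflow affects 32-bit systems only.
        cves.insert(1, "CVE-2014-3669")
    return {
        "status": "needs-update",
        "fixed_in": ".".join(str(n) for n in fixed),
        "cves": cves,
    }


# Constructed inventory: (host, first line of `php -v`, PHP_INT_SIZE).
INVENTORY = [
    ("web01", "PHP 5.4.33 (cli) (built: Sep 20 2014 10:00:00)", 4),
    ("web02", "PHP 5.5.18 (cli) (built: Oct 17 2014 09:00:00)", 8),
    ("web03", "PHP 5.6.1 (cli) (built: Oct  3 2014 08:00:00)", 8),
    ("old01", "PHP 5.3.29 (cli) (built: Aug 15 2014 07:00:00)", 4),
]


def report(inventory):
    """Return {host: assessment} for every inventory row."""
    return {host: assess(banner, size) for host, banner, size in inventory}


if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(host, result)
```
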


The vulnerabilities were originally discovered by the Research Lab of IT security company High-Tech Bridge.

About Team | NewsPatrolling
