Unrated severityNVD Advisory· Published Jul 9, 2014· Updated Jun 17, 2026
CVE-2014-3515
CVE-2014-3515
Description
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coordsRange: < 5.3.17-47.1
Patches
Vulnerability mechanics
References
15- bugs.php.net/bug.phpnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-09/msg00046.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
- secunia.com/advisories/59794nvdThird Party Advisory
- secunia.com/advisories/59831nvdThird Party Advisory
- secunia.com/advisories/60998nvdThird Party Advisory
- support.apple.com/kb/HT6443nvdThird Party Advisory
- www-01.ibm.com/support/docview.wssnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2974nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdVendor Advisory
- www.securityfocus.com/bid/68237nvdThird Party AdvisoryVDB Entry
- git.php.netnvd
News mentions
0No linked articles in our index yet.