Unrated severityNVD Advisory· Published Jul 9, 2014· Updated May 6, 2026
CVE-2014-3515
CVE-2014-3515
Description
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Affected products
1- osv-coordsRange: < 5.3.17-47.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- bugs.php.net/bug.phpnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-updates/2014-09/msg00046.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
- secunia.com/advisories/59794nvdThird Party Advisory
- secunia.com/advisories/59831nvdThird Party Advisory
- secunia.com/advisories/60998nvdThird Party Advisory
- support.apple.com/kb/HT6443nvdThird Party Advisory
- www-01.ibm.com/support/docview.wssnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2974nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdVendor Advisory
- www.securityfocus.com/bid/68237nvdThird Party AdvisoryVDB Entry
- git.php.netnvd
News mentions
0No linked articles in our index yet.