CVE-2014-9912

Impact:
Moderate
Public Date:
2014-06-08
CWE:
CWE-121
Bugzilla:
1399433: CVE-2014-9912 php: stack buffer overflow in locale_get_display_name

The MITRE CVE dictionary describes this issue as:

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

Find out more about CVE-2014-9912 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 5.8
Base Metrics AV:N/AC:M/Au:N/C:N/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact Low
Availability Impact High

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-php70-php Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-php56-php Not affected
Red Hat Enterprise Linux 7 php Will not fix
Red Hat Enterprise Linux 6 php Will not fix
Red Hat Enterprise Linux 5 php53 Will not fix
Red Hat Enterprise Linux 5 php Will not fix
Last Modified

CVE description copyright © 2017, The MITRE Corporation