CVE-2014-3515

Name	CVE-2014-3515
Description	The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DLA-0018-1, DSA-2974-1
NVD severity	high (attack range: remote)
Debian/oldstable	package php5 is vulnerable.
Debian/stable	not vulnerable.
Debian/testing	not vulnerable.
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
php5 (PTS)	squeeze (security), squeeze	5.3.3-7+squeeze19	vulnerable
	squeeze (lts)	5.3.3-7+squeeze25	fixed
	wheezy	5.4.36-0+deb7u1	fixed
	wheezy (security)	5.4.36-0+deb7u3	fixed
	jessie	5.6.5+dfsg-2	fixed
	sid	5.6.6+dfsg-2	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
php5	source	(unstable)	5.6.0~rc2+dfsg-1	high
php5	source	squeeze	5.3.3-7+squeeze21	high
php5	source	wheezy	5.4.4-14+deb7u12	high	DSA-2974-1

https://bugs.php.net/bug.php?id=67492