What is the severity of CVE-2014-9427?

CVE-2014-9427 has been classified with a medium severity rating.

How do I fix CVE-2014-9427?

To fix CVE-2014-9427, you should upgrade PHP to version 5.4.36, 5.5.20, or 5.6.5 or later.

What systems are affected by CVE-2014-9427?

CVE-2014-9427 affects PHP versions 5.4.36, 5.5.x versions prior to 5.5.20, and 5.6.x versions prior to 5.6.5.

What kind of vulnerability is CVE-2014-9427?

CVE-2014-9427 is a denial of service vulnerability in the CGI component of PHP.

Can CVE-2014-9427 be exploited remotely?

Yes, CVE-2014-9427 can be exploited remotely if the vulnerable software is accessible over the network.

Vulnerability/
CVE-2014-9427

high

7.5

CWE

119

3/1/2015

31/12/2016

CVE-2014-9427: Buffer Overflow

First published: Sat Jan 03 2015(Updated: )

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.

Credit: security@debian.org

Affected Software	Affected Version	How to fix
PHP	=1.0
PHP	=2.0
PHP	=2.0b10
PHP	=3.0
PHP	=3.0.1
PHP	=3.0.2
PHP	=3.0.3
PHP	=3.0.4
PHP	=3.0.5
PHP	=3.0.6
PHP	=3.0.7
PHP	=3.0.8
PHP	=3.0.9
PHP	=3.0.10
PHP	=3.0.11
PHP	=3.0.12
PHP	=3.0.13
PHP	=3.0.14
PHP	=3.0.15
PHP	=3.0.16
PHP	=3.0.17
PHP	=3.0.18
PHP	=4.0-beta_4_patch1
PHP	=4.0-beta1
PHP	=4.0-beta2
PHP	=4.0-beta3
PHP	=4.0-beta4
PHP	=4.0.0
PHP	=4.0.1
PHP	=4.0.2
PHP	=4.0.3
PHP	=4.0.4
PHP	=4.0.5
PHP	=4.0.6
PHP	=4.0.7
PHP	=4.1.0
PHP	=4.1.1
PHP	=4.1.2
PHP	=4.2.0
PHP	=4.2.1
PHP	=4.2.2
PHP	=4.2.3
PHP	=4.3.0
PHP	=4.3.1
PHP	=4.3.2
PHP	=4.3.3
PHP	=4.3.4
PHP	=4.3.5
PHP	=4.3.6
PHP	=4.3.7
PHP	=4.3.8
PHP	=4.3.9
PHP	=4.3.10
PHP	=4.3.11
PHP	=4.4.0
PHP	=4.4.1
PHP	=4.4.2
PHP	=4.4.3
PHP	=4.4.4
PHP	=4.4.5
PHP	=4.4.6
PHP	=4.4.7
PHP	=4.4.8
PHP	=4.4.9
PHP	=5.0.0
PHP	=5.0.0-beta1
PHP	=5.0.0-beta2
PHP	=5.0.0-beta3
PHP	=5.0.0-beta4
PHP	=5.0.0-rc1
PHP	=5.0.0-rc2
PHP	=5.0.0-rc3
PHP	=5.0.1
PHP	=5.0.2
PHP	=5.0.3
PHP	=5.0.4
PHP	=5.0.5
PHP	=5.1.0
PHP	=5.1.1
PHP	=5.1.2
PHP	=5.1.3
PHP	=5.1.4
PHP	=5.1.5
PHP	=5.1.6
PHP	=5.2.0
PHP	=5.2.1
PHP	=5.2.2
PHP	=5.2.3
PHP	=5.2.4
PHP	=5.2.5
PHP	=5.2.6
PHP	=5.2.7
PHP	=5.2.8
PHP	=5.2.9
PHP	=5.2.10
PHP	=5.2.11
PHP	=5.2.12
PHP	=5.2.13
PHP	=5.2.14
PHP	=5.2.15
PHP	=5.2.16
PHP	=5.2.17
PHP	=5.3.0
PHP	=5.3.1
PHP	=5.3.2
PHP	=5.3.3
PHP	=5.3.4
PHP	=5.3.5
PHP	=5.3.6
PHP	=5.3.7
PHP	=5.3.8
PHP	=5.3.9
PHP	=5.3.10
PHP	=5.3.11
PHP	=5.3.12
PHP	=5.3.13
PHP	=5.3.14
PHP	=5.3.15
PHP	=5.3.16
PHP	=5.3.17
PHP	=5.3.18
PHP	=5.3.19
PHP	=5.3.20
PHP	=5.3.21
PHP	=5.3.22
PHP	=5.3.23
PHP	=5.3.24
PHP	=5.3.25
PHP	=5.3.26
PHP	=5.3.27
PHP	=5.3.28
PHP	=5.4.0
PHP	=5.4.1
PHP	=5.4.2
PHP	=5.4.3
PHP	=5.4.10
PHP	=5.4.11
PHP	=5.4.12
PHP	=5.4.12-rc1
PHP	=5.4.12-rc2
PHP	=5.4.13
PHP	=5.4.13-rc1
PHP	=5.4.14
PHP	=5.4.14-rc1
PHP	=5.4.15-rc1
PHP	=5.4.16-rc1
PHP	=5.4.17
PHP	=5.4.18
PHP	=5.4.19
PHP	=5.4.20
PHP	=5.4.21
PHP	=5.4.22
PHP	=5.4.23
PHP	=5.4.24
PHP	=5.4.25
PHP	=5.4.26
PHP	=5.4.27
PHP	=5.4.28
PHP	=5.4.29
PHP	=5.4.30
PHP	=5.4.34
PHP	=5.4.35
PHP	=5.4.36
PHP	=5.5.0
PHP	=5.5.0-alpha1
PHP	=5.5.0-alpha2
PHP	=5.5.0-alpha3
PHP	=5.5.0-alpha4
PHP	=5.5.0-alpha5
PHP	=5.5.0-alpha6
PHP	=5.5.0-beta1
PHP	=5.5.0-beta2
PHP	=5.5.0-beta3
PHP	=5.5.0-beta4
PHP	=5.5.0-rc1
PHP	=5.5.0-rc2
PHP	=5.5.1
PHP	=5.5.2
PHP	=5.5.3
PHP	=5.5.4
PHP	=5.5.5
PHP	=5.5.6
PHP	=5.5.7
PHP	=5.5.8
PHP	=5.5.9
PHP	=5.5.10
PHP	=5.5.11
PHP	=5.5.12
PHP	=5.5.13
PHP	=5.5.14
PHP	=5.5.18
PHP	=5.5.19
PHP	=5.5.20
PHP	=5.6.0-alpha1
PHP	=5.6.0-alpha2
PHP	=5.6.0-alpha3
PHP	=5.6.0-alpha4
PHP	=5.6.0-alpha5
PHP	=5.6.0-beta1
PHP	=5.6.0-beta2
PHP	=5.6.0-beta3
PHP	=5.6.0-beta4
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9427?
CVE-2014-9427 has been classified with a medium severity rating.
How do I fix CVE-2014-9427?
To fix CVE-2014-9427, you should upgrade PHP to version 5.4.36, 5.5.20, or 5.6.5 or later.
What systems are affected by CVE-2014-9427?
CVE-2014-9427 affects PHP versions 5.4.36, 5.5.x versions prior to 5.5.20, and 5.6.x versions prior to 5.6.5.
What kind of vulnerability is CVE-2014-9427?
CVE-2014-9427 is a denial of service vulnerability in the CGI component of PHP.
Can CVE-2014-9427 be exploited remotely?
Yes, CVE-2014-9427 can be exploited remotely if the vulnerable software is accessible over the network.

agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/php
canonical/php
version/php/1.0
version/php/2.0
version/php/2.0b10
version/php/3.0
version/php/3.0.1
version/php/3.0.2
version/php/3.0.3
version/php/3.0.4
version/php/3.0.5
version/php/3.0.6
version/php/3.0.7
version/php/3.0.8
version/php/3.0.9
version/php/3.0.10
version/php/3.0.11
version/php/3.0.12
version/php/3.0.13
version/php/3.0.14
version/php/3.0.15
version/php/3.0.16
version/php/3.0.17
version/php/3.0.18
version/php/4.0-beta_4_patch1
version/php/4.0-beta1
version/php/4.0-beta2
version/php/4.0-beta3
version/php/4.0-beta4
version/php/4.0.0
version/php/4.0.1
version/php/4.0.2
version/php/4.0.3
version/php/4.0.4
version/php/4.0.5
version/php/4.0.6
version/php/4.0.7
version/php/4.1.0
version/php/4.1.1
version/php/4.1.2
version/php/4.2.0
version/php/4.2.1
version/php/4.2.2
version/php/4.2.3
version/php/4.3.0
version/php/4.3.1
version/php/4.3.2
version/php/4.3.3
version/php/4.3.4
version/php/4.3.5
version/php/4.3.6
version/php/4.3.7
version/php/4.3.8
version/php/4.3.9
version/php/4.3.10
version/php/4.3.11
version/php/4.4.0
version/php/4.4.1
version/php/4.4.2
version/php/4.4.3
version/php/4.4.4
version/php/4.4.5
version/php/4.4.6
version/php/4.4.7
version/php/4.4.8
version/php/4.4.9
version/php/5.0.0
version/php/5.0.0-beta1
version/php/5.0.0-beta2
version/php/5.0.0-beta3
version/php/5.0.0-beta4
version/php/5.0.0-rc1
version/php/5.0.0-rc2
version/php/5.0.0-rc3
version/php/5.0.1
version/php/5.0.2
version/php/5.0.3
version/php/5.0.4
version/php/5.0.5
version/php/5.1.0
version/php/5.1.1
version/php/5.1.2
version/php/5.1.3
version/php/5.1.4
version/php/5.1.5
version/php/5.1.6
version/php/5.2.0
version/php/5.2.1
version/php/5.2.2
version/php/5.2.3
version/php/5.2.4
version/php/5.2.5
version/php/5.2.6
version/php/5.2.7
version/php/5.2.8
version/php/5.2.9
version/php/5.2.10
version/php/5.2.11
version/php/5.2.12
version/php/5.2.13
version/php/5.2.14
version/php/5.2.15
version/php/5.2.16
version/php/5.2.17
version/php/5.3.0
version/php/5.3.1
version/php/5.3.2
version/php/5.3.3
version/php/5.3.4
version/php/5.3.5
version/php/5.3.6
version/php/5.3.7
version/php/5.3.8
version/php/5.3.9
version/php/5.3.10
version/php/5.3.11
version/php/5.3.12
version/php/5.3.13
version/php/5.3.14
version/php/5.3.15
version/php/5.3.16
version/php/5.3.17
version/php/5.3.18
version/php/5.3.19
version/php/5.3.20
version/php/5.3.21
version/php/5.3.22
version/php/5.3.23
version/php/5.3.24
version/php/5.3.25
version/php/5.3.26
version/php/5.3.27
version/php/5.3.28
version/php/5.4.0
version/php/5.4.1
version/php/5.4.2
version/php/5.4.3
version/php/5.4.10
version/php/5.4.11
version/php/5.4.12
version/php/5.4.12-rc1
version/php/5.4.12-rc2
version/php/5.4.13
version/php/5.4.13-rc1
version/php/5.4.14
version/php/5.4.14-rc1
version/php/5.4.15-rc1
version/php/5.4.16-rc1
version/php/5.4.17
version/php/5.4.18
version/php/5.4.19
version/php/5.4.20
version/php/5.4.21
version/php/5.4.22
version/php/5.4.23
version/php/5.4.24
version/php/5.4.25
version/php/5.4.26
version/php/5.4.27
version/php/5.4.28
version/php/5.4.29
version/php/5.4.30
version/php/5.4.34
version/php/5.4.35
version/php/5.4.36
version/php/5.5.0
version/php/5.5.0-alpha1
version/php/5.5.0-alpha2
version/php/5.5.0-alpha3
version/php/5.5.0-alpha4
version/php/5.5.0-alpha5
version/php/5.5.0-alpha6
version/php/5.5.0-beta1
version/php/5.5.0-beta2
version/php/5.5.0-beta3
version/php/5.5.0-beta4
version/php/5.5.0-rc1
version/php/5.5.0-rc2
version/php/5.5.1
version/php/5.5.2
version/php/5.5.3
version/php/5.5.4
version/php/5.5.5
version/php/5.5.6
version/php/5.5.7
version/php/5.5.8
version/php/5.5.9
version/php/5.5.10
version/php/5.5.11
version/php/5.5.12
version/php/5.5.13
version/php/5.5.14
version/php/5.5.18
version/php/5.5.19
version/php/5.5.20
version/php/5.6.0-alpha1
version/php/5.6.0-alpha2
version/php/5.6.0-alpha3
version/php/5.6.0-alpha4
version/php/5.6.0-alpha5
version/php/5.6.0-beta1
version/php/5.6.0-beta2
version/php/5.6.0-beta3
version/php/5.6.0-beta4
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4

CVE-2014-9427: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9427?

How do I fix CVE-2014-9427?

What systems are affected by CVE-2014-9427?

What kind of vulnerability is CVE-2014-9427?

Can CVE-2014-9427 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-9427?

How do I fix CVE-2014-9427?

What systems are affected by CVE-2014-9427?

What kind of vulnerability is CVE-2014-9427?

Can CVE-2014-9427 be exploited remotely?