Vulnerability Management

PHP vulnerabilities patched

PHP developers have fixed a number of vulnerabilities that would have allowed remote code execution.

High-Tech Bridge researchers had discovered the vulnerabilities, the most critical being CVE-2014-3669, which, Security Lab Russia said “can cause an integer overflow when parsing specially crafted serialized data with the [unserialized].”

While it only applies to a 32-bit system, the vulnerability can wreak havoc. The two other vulnerabilities patched were CVE-2014-3668 and CVE-2014-3669, correcting errors “associated with the introduction of a null byte in he library cURL.

More than 80 percent of all websites on the internet are written in the server-side scripting and general-purpose programming language.

Related

Updated CISA vulnerabilities catalog includes GeoVision IoT bugs

Ongoing attacks leveraging a pair of critical operating system command injection flaws impacting GeoVision Internet of Things devices, tracked as CVE-2024-6047 and CVE-2024-11120, have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security flaws by May 28, according to Security Affairs.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BugBuffer OverflowDisassembly

You can skip this ad in 5 seconds