{
  "threat_severity" : "Low",
  "public_date" : "2014-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "php: Double-free in zend_ts_hash_graceful_destroy()",
    "id" : "1177734",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1177734"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "A double free flaw was found in zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash." ],
  "statement" : "This issue did not affect the versions of php and php53 as shipped with Red Hat Enterprise Linux 5, and the versions of php as shipped with Red Hat Enterprise Linux 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-09T00:00:00Z",
    "advisory" : "RHSA-2015:1218",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "php-0:5.3.3-46.el6_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php53",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "php54-php",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "php55-php",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-9425\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9425" ],
  "name" : "CVE-2014-9425",
  "csaw" : false
}