CVE-2015-6831: Use After Free
First published: Tue Jan 19 2016(Updated: )
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <5.4.44 | |
| PHP PHP | >=5.5.0<5.5.28 | |
| PHP PHP | >=5.6.0<5.6.12 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2015/dsa-3344
- http://www.openwall.com/lists/oss-security/2015/08/19/3
- http://www.php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/76737
- https://bugs.php.net/bug.php?id=70155
- https://bugs.php.net/bug.php?id=70166
- https://bugs.php.net/bug.php?id=70168
- https://bugs.php.net/bug.php?id=70169
- https://security.gentoo.org/glsa/201606-10
- collector/nvd-index
- agent/severity
- agent/author
- agent/event
- agent/tags
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/php
- canonical/php php
- version/php php/5.5.0
- version/php php/5.6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0