What is the severity of CVE-2015-6834?

CVE-2015-6834 has been rated as critical due to its potential to allow remote code execution.

How do I fix CVE-2015-6834?

To resolve CVE-2015-6834, upgrade PHP to versions 5.4.45, 5.5.29, or 5.6.13 or later.

What software versions are vulnerable to CVE-2015-6834?

CVE-2015-6834 affects PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13.

What types of vulnerabilities are described in CVE-2015-6834?

CVE-2015-6834 describes multiple use-after-free vulnerabilities related to the Serializable interface, SplObjectStorage class, and SplDoublyLinkedList class.

How can remote attackers exploit CVE-2015-6834?

Remote attackers can exploit CVE-2015-6834 to execute arbitrary code by leveraging the vulnerable PHP functionalities.

Vulnerability/
CVE-2015-6834

critical

9.8

CWE

416

16/5/2016

6/8/2024

CVE-2015-6834: Use After Free

First published: Mon May 16 2016(Updated: )

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
PHP	<=5.4.44
PHP	=5.5.0
PHP	=5.5.1
PHP	=5.5.2
PHP	=5.5.3
PHP	=5.5.4
PHP	=5.5.5
PHP	=5.5.6
PHP	=5.5.7
PHP	=5.5.8
PHP	=5.5.9
PHP	=5.5.10
PHP	=5.5.11
PHP	=5.5.12
PHP	=5.5.13
PHP	=5.5.14
PHP	=5.5.15
PHP	=5.5.16
PHP	=5.5.17
PHP	=5.5.18
PHP	=5.5.19
PHP	=5.5.20
PHP	=5.5.21
PHP	=5.5.22
PHP	=5.5.23
PHP	=5.5.24
PHP	=5.5.25
PHP	=5.5.26
PHP	=5.5.27
PHP	=5.5.28
PHP	=5.6.0
PHP	=5.6.1
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4
PHP	=5.6.5
PHP	=5.6.6
PHP	=5.6.7
PHP	=5.6.8
PHP	=5.6.9
PHP	=5.6.10
PHP	=5.6.11
PHP	=5.6.12

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6834?
CVE-2015-6834 has been rated as critical due to its potential to allow remote code execution.
How do I fix CVE-2015-6834?
To resolve CVE-2015-6834, upgrade PHP to versions 5.4.45, 5.5.29, or 5.6.13 or later.
What software versions are vulnerable to CVE-2015-6834?
CVE-2015-6834 affects PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13.
What types of vulnerabilities are described in CVE-2015-6834?
CVE-2015-6834 describes multiple use-after-free vulnerabilities related to the Serializable interface, SplObjectStorage class, and SplDoublyLinkedList class.
How can remote attackers exploit CVE-2015-6834?
Remote attackers can exploit CVE-2015-6834 to execute arbitrary code by leveraging the vulnerable PHP functionalities.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/php
canonical/php
version/php/5.4.44
version/php/5.5.0
version/php/5.5.1
version/php/5.5.2
version/php/5.5.3
version/php/5.5.4
version/php/5.5.5
version/php/5.5.6
version/php/5.5.7
version/php/5.5.8
version/php/5.5.9
version/php/5.5.10
version/php/5.5.11
version/php/5.5.12
version/php/5.5.13
version/php/5.5.14
version/php/5.5.15
version/php/5.5.16
version/php/5.5.17
version/php/5.5.18
version/php/5.5.19
version/php/5.5.20
version/php/5.5.21
version/php/5.5.22
version/php/5.5.23
version/php/5.5.24
version/php/5.5.25
version/php/5.5.26
version/php/5.5.27
version/php/5.5.28
version/php/5.6.0
version/php/5.6.1
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4
version/php/5.6.5
version/php/5.6.6
version/php/5.6.7
version/php/5.6.8
version/php/5.6.9
version/php/5.6.10
version/php/5.6.11
version/php/5.6.12

Frequently Asked Questions

What is the severity of CVE-2015-6834?
CVE-2015-6834 has been rated as critical due to its potential to allow remote code execution.
How do I fix CVE-2015-6834?
To resolve CVE-2015-6834, upgrade PHP to versions 5.4.45, 5.5.29, or 5.6.13 or later.
What software versions are vulnerable to CVE-2015-6834?
CVE-2015-6834 affects PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13.
What types of vulnerabilities are described in CVE-2015-6834?
CVE-2015-6834 describes multiple use-after-free vulnerabilities related to the Serializable interface, SplObjectStorage class, and SplDoublyLinkedList class.
How can remote attackers exploit CVE-2015-6834?
Remote attackers can exploit CVE-2015-6834 to execute arbitrary code by leveraging the vulnerable PHP functionalities.

CVE-2015-6834: Use After Free

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6834?

How do I fix CVE-2015-6834?

What software versions are vulnerable to CVE-2015-6834?

What types of vulnerabilities are described in CVE-2015-6834?

How can remote attackers exploit CVE-2015-6834?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-6834?

How do I fix CVE-2015-6834?

What software versions are vulnerable to CVE-2015-6834?

What types of vulnerabilities are described in CVE-2015-6834?

How can remote attackers exploit CVE-2015-6834?