What is the severity of CVE-2015-6838?

CVE-2015-6838 is rated as having a medium severity, due to the potential for an attacker to exploit PHP's XSLT processor.

How do I fix CVE-2015-6838?

To fix CVE-2015-6838, upgrade to PHP version 5.6.13 or newer, or to 5.5.29 or newer.

Which PHP versions are vulnerable to CVE-2015-6838?

PHP versions before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 are vulnerable to CVE-2015-6838.

What components are affected by CVE-2015-6838?

CVE-2015-6838 affects the xsl_ext_function_php function in PHP when using libxml2 versions earlier than 2.9.2.

Can CVE-2015-6838 lead to remote code execution?

CVE-2015-6838 does not directly enable remote code execution but may allow an attacker to exploit the XSLT processor under specific conditions.

Vulnerability/
CVE-2015-6838

high

7.5

CWE

476

16/5/2016

6/8/2024

CVE-2015-6838: Null Pointer Dereference

First published: Mon May 16 2016(Updated: )

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
PHP	=5.6.0-alpha1
PHP	=5.6.0-alpha2
PHP	=5.6.0-alpha3
PHP	=5.6.0-alpha4
PHP	=5.6.0-alpha5
PHP	=5.6.0-beta1
PHP	=5.6.0-beta2
PHP	=5.6.0-beta3
PHP	=5.6.0-beta4
PHP	=5.6.1
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4
PHP	=5.6.5
PHP	=5.6.6
PHP	=5.6.7
PHP	=5.6.8
PHP	=5.6.9
PHP	=5.6.10
PHP	=5.6.11
PHP	=5.6.12
libxml2-devel	<=2.9.1
PHP	=5.5.0
PHP	=5.5.0-alpha1
PHP	=5.5.0-alpha2
PHP	=5.5.0-alpha3
PHP	=5.5.0-alpha4
PHP	=5.5.0-alpha5
PHP	=5.5.0-alpha6
PHP	=5.5.0-beta1
PHP	=5.5.0-beta2
PHP	=5.5.0-beta3
PHP	=5.5.0-beta4
PHP	=5.5.0-rc1
PHP	=5.5.0-rc2
PHP	=5.5.1
PHP	=5.5.2
PHP	=5.5.3
PHP	=5.5.4
PHP	=5.5.5
PHP	=5.5.6
PHP	=5.5.7
PHP	=5.5.8
PHP	=5.5.9
PHP	=5.5.10
PHP	=5.5.11
PHP	=5.5.12
PHP	=5.5.13
PHP	=5.5.14
PHP	=5.5.15
PHP	=5.5.16
PHP	=5.5.17
PHP	=5.5.18
PHP	=5.5.19
PHP	=5.5.20
PHP	=5.5.21
PHP	=5.5.22
PHP	=5.5.23
PHP	=5.5.24
PHP	=5.5.25
PHP	=5.5.26
PHP	=5.5.27
PHP	=5.5.28
PHP	<=5.4.44

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6838?
CVE-2015-6838 is rated as having a medium severity, due to the potential for an attacker to exploit PHP's XSLT processor.
How do I fix CVE-2015-6838?
To fix CVE-2015-6838, upgrade to PHP version 5.6.13 or newer, or to 5.5.29 or newer.
Which PHP versions are vulnerable to CVE-2015-6838?
PHP versions before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 are vulnerable to CVE-2015-6838.
What components are affected by CVE-2015-6838?
CVE-2015-6838 affects the xsl_ext_function_php function in PHP when using libxml2 versions earlier than 2.9.2.
Can CVE-2015-6838 lead to remote code execution?
CVE-2015-6838 does not directly enable remote code execution but may allow an attacker to exploit the XSLT processor under specific conditions.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/php
canonical/php
version/php/5.6.0-alpha1
version/php/5.6.0-alpha2
version/php/5.6.0-alpha3
version/php/5.6.0-alpha4
version/php/5.6.0-alpha5
version/php/5.6.0-beta1
version/php/5.6.0-beta2
version/php/5.6.0-beta3
version/php/5.6.0-beta4
version/php/5.6.1
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4
version/php/5.6.5
version/php/5.6.6
version/php/5.6.7
version/php/5.6.8
version/php/5.6.9
version/php/5.6.10
version/php/5.6.11
version/php/5.6.12
vendor/xmlsoft
canonical/libxml2-devel
version/libxml2-devel/2.9.1
version/php/5.5.0
version/php/5.5.0-alpha1
version/php/5.5.0-alpha2
version/php/5.5.0-alpha3
version/php/5.5.0-alpha4
version/php/5.5.0-alpha5
version/php/5.5.0-alpha6
version/php/5.5.0-beta1
version/php/5.5.0-beta2
version/php/5.5.0-beta3
version/php/5.5.0-beta4
version/php/5.5.0-rc1
version/php/5.5.0-rc2
version/php/5.5.1
version/php/5.5.2
version/php/5.5.3
version/php/5.5.4
version/php/5.5.5
version/php/5.5.6
version/php/5.5.7
version/php/5.5.8
version/php/5.5.9
version/php/5.5.10
version/php/5.5.11
version/php/5.5.12
version/php/5.5.13
version/php/5.5.14
version/php/5.5.15
version/php/5.5.16
version/php/5.5.17
version/php/5.5.18
version/php/5.5.19
version/php/5.5.20
version/php/5.5.21
version/php/5.5.22
version/php/5.5.23
version/php/5.5.24
version/php/5.5.25
version/php/5.5.26
version/php/5.5.27
version/php/5.5.28
version/php/5.4.44

Frequently Asked Questions

What is the severity of CVE-2015-6838?
CVE-2015-6838 is rated as having a medium severity, due to the potential for an attacker to exploit PHP's XSLT processor.
How do I fix CVE-2015-6838?
To fix CVE-2015-6838, upgrade to PHP version 5.6.13 or newer, or to 5.5.29 or newer.
Which PHP versions are vulnerable to CVE-2015-6838?
PHP versions before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 are vulnerable to CVE-2015-6838.
What components are affected by CVE-2015-6838?
CVE-2015-6838 affects the xsl_ext_function_php function in PHP when using libxml2 versions earlier than 2.9.2.
Can CVE-2015-6838 lead to remote code execution?
CVE-2015-6838 does not directly enable remote code execution but may allow an attacker to exploit the XSLT processor under specific conditions.

CVE-2015-6838: Null Pointer Dereference

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6838?

How do I fix CVE-2015-6838?

Which PHP versions are vulnerable to CVE-2015-6838?

What components are affected by CVE-2015-6838?

Can CVE-2015-6838 lead to remote code execution?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-6838?

How do I fix CVE-2015-6838?

Which PHP versions are vulnerable to CVE-2015-6838?

What components are affected by CVE-2015-6838?

Can CVE-2015-6838 lead to remote code execution?