Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
References
Configurations
History
05 Aug 2022, 14:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70169 - Exploit, Issue Tracking, Vendor Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201606-10 - Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70155 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2015/08/19/3 - Mailing List, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3344 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/76737 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70166 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70168 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) http://www.php.net/ChangeLog-5.php - Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.43:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
Information
Published : 2016-01-19 05:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-6831
Mitre link : CVE-2015-6831
CVE.ORG link : CVE-2015-6831
JSON object : View
Products Affected
php
- php
debian
- debian_linux
CWE
CWE-416
Use After Free