Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-6834

Опубликовано: 16 мая 2016
Источник: debian
EPSS Средний

Описание

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5fixed5.6.13+dfsg-1package

Примечания

  • https://bugs.php.net/bug.php?id=70172

  • https://bugs.php.net/bug.php?id=70365

  • https://bugs.php.net/bug.php?id=70366

  • https://www.openwall.com/lists/oss-security/2015/09/07/5

  • Fixed in 5.5.45 and 5.6.13

EPSS

Процентиль: 97%
0.4205
Средний

Связанные уязвимости

ubuntu логотип

CVE-2015-6834

CVSS3: 9.8
ubuntu
больше 9 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

redhat логотип

CVE-2015-6834

redhat
около 10 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

nvd логотип

CVE-2015-6834

CVSS3: 9.8
nvd
больше 9 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

github логотип

GHSA-6m7q-7r8q-jg24

CVSS3: 9.8
github
больше 3 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

fstec логотип

BDU:2016-01359

fstec
больше 9 лет назад

Уязвимости интерпретатора PHP, позволяющие нарушителю выполнить произвольный код

EPSS

Процентиль: 97%
0.4205
Средний