Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-6834

Опубликовано: 16 мая 2016
Источник: debian

Описание

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5fixed5.6.13+dfsg-1package

Примечания

  • https://bugs.php.net/bug.php?id=70172

  • https://bugs.php.net/bug.php?id=70365

  • https://bugs.php.net/bug.php?id=70366

  • https://www.openwall.com/lists/oss-security/2015/09/07/5

  • Fixed in 5.5.45 and 5.6.13

Связанные уязвимости

ubuntu логотип

CVE-2015-6834

CVSS3: 9.8
ubuntu
больше 9 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

redhat логотип

CVE-2015-6834

redhat
больше 10 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

nvd логотип

CVE-2015-6834

CVSS3: 9.8
nvd
больше 9 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

github логотип

GHSA-6m7q-7r8q-jg24

CVSS3: 9.8
github
больше 3 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

fstec логотип

BDU:2016-01359

fstec
больше 9 лет назад

Уязвимости интерпретатора PHP, позволяющие нарушителю выполнить произвольный код