Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-6834

Опубликовано: 16 мая 2016
Источник: debian
EPSS Средний

Описание

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5fixed5.6.13+dfsg-1package

Примечания

  • https://bugs.php.net/bug.php?id=70172

  • https://bugs.php.net/bug.php?id=70365

  • https://bugs.php.net/bug.php?id=70366

  • https://www.openwall.com/lists/oss-security/2015/09/07/5

  • Fixed in 5.5.45 and 5.6.13

EPSS

Процентиль: 97%
0.37239
Средний

Связанные уязвимости

ubuntu логотип

CVE-2015-6834

CVSS3: 9.8
ubuntu
почти 10 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

redhat логотип

CVE-2015-6834

redhat
больше 10 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

nvd логотип

CVE-2015-6834

CVSS3: 9.8
nvd
почти 10 лет назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

github логотип

GHSA-6m7q-7r8q-jg24

CVSS3: 9.8
github
почти 4 года назад

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

fstec логотип

BDU:2016-01359

fstec
почти 10 лет назад

Уязвимости интерпретатора PHP, позволяющие нарушителю выполнить произвольный код

EPSS

Процентиль: 97%
0.37239
Средний