Описание
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Отчет
Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat Software Collections 1.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat OpenShift Enterprise 2 | php | Not affected | ||
| Red Hat Software Collections | php54-php | Not affected | ||
| Red Hat Software Collections | php55-php | Not affected |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS2
Связанные уязвимости
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Use-after-free vulnerability in the add_post_var function in the Posth ...
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Уязвимость функции add_post_var интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный PHP-код
5.1 Medium
CVSS2