Описание
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Will not fix | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Software Collections | php54-php | Affected | ||
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2015:1218 | 09.07.2015 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2015:1135 | 23.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54 | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php54-php-pecl-zendopcache | Fixed | RHSA-2015:1066 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2015:1186 | 25.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php | Fixed | RHSA-2015:1187 | 25.06.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
The exception::getTraceAsString function in Zend/zend_exceptions.c in ...
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
EPSS
4.3 Medium
CVSS2