exploitDog

CVE-2015-6832

Published: 06 Aug 2015
Source: redhat
CVSS2: 6.8
EPSS: Low

Description

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | php | Will not fix | | |
| Red Hat Enterprise Linux 5 | php53 | Will not fix | | |
| Red Hat Enterprise Linux 6 | php | Will not fix | | |
| Red Hat Enterprise Linux 7 | php | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | php | Will not fix | | |
| Red Hat Software Collections | php54-php | Will not fix | | |
| Red Hat Software Collections | php55-php | Will not fix | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1256322
php: dangling pointer in the unserialization of ArrayObject items

EPSS

Percentile: 81%
0.01536
Low

6.8 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.3
ubuntu
almost 10 years ago

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CVSS3: 7.3
nvd
almost 10 years ago

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CVSS3: 7.3
debian
almost 10 years ago

Use-after-free vulnerability in the SPL unserialize implementation in ...

CVSS3: 7.3
github
more than 3 years ago

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

fstec
almost 10 years ago

PHP interpreter vulnerability that allows an attacker to execute arbitrary code
