Описание
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.6.4+dfsg-4ubuntu3 |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.7 |
| lucid | released | 5.3.2-1ubuntu4.29 |
| precise | released | 5.3.10-1ubuntu3.17 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.7 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.7 |
| upstream | released | 5.4.38,5.5.22,5.6.6 |
| utopic | released | 5.5.12+dfsg-2ubuntu4.3 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику выполнить произвольный код
EPSS
7.5 High
CVSS2