Your submission was sent successfully! Close

CVE-2015-6831

Published: 27 August 2015

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Priority

Medium

CVSS 3 base score: 7.3

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
precise
Released (5.3.10-1ubuntu3.20)
trusty
Released (5.5.9+dfsg-1ubuntu4.13)
upstream
Released (5.6.12+dfsg-1)
vivid
Released (5.6.4+dfsg-4ubuntu6.3)
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=7381b6accc5559b2de039af3a22f6ec1003b03b3
upstream: http://git.php.net/?p=php-src.git;a=commit;h=c2e197e4efc663ca55f393bf0e799848842286f3
upstream: http://git.php.net/?p=php-src.git;a=commit;h=863bf294feb9ad425eadb94f288bc7f18673089d