CVE-2015-8835

Published: 31 December 2015

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.6.12+dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.5.9+dfsg-1ubuntu4.16)
Patches:
Upstream: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
php7.0
Launchpad, Ubuntu, Debian
Upstream
Released (7.0.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
sbeattie
upstream fixed in 5.6.12, 5.5.28, and 5.4.44
mdeslaur
This CVE is for the first part of the fix, and the first part
listed in the bug.
See CVE-2016-3185 for the second part.

References

Bugs