CVE-2015-8835

Publication date 31 December 2015

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

Read the notes from the security team

Status

Package Ubuntu Release Status
php5 15.10 wily
Fixed 5.6.11+dfsg-1ubuntu3.2
14.04 LTS trusty
Fixed 5.5.9+dfsg-1ubuntu4.16
12.04 LTS precise
Fixed 5.3.10-1ubuntu3.22
php7.0 15.10 wily Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Not in release

Notes

sbeattie

upstream fixed in 5.6.12, 5.5.28, and 5.4.44

mdeslaur

This CVE is for the first part of the fix, and the first part listed in the bug. See CVE-2016-3185 for the second part.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
php5

Severity score breakdown

Parameter Value
Base score 9.8 · Critical
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

Other references