Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
References
Configurations
History
07 Nov 2023, 02:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2015/dsa-3344 - | |
References | () https://bugs.php.net/bug.php?id=70166 - | |
References | () https://bugs.php.net/bug.php?id=70169 - | |
References | () https://bugs.php.net/bug.php?id=70155 - | |
References | () http://www.php.net/ChangeLog-5.php - | |
References | () https://security.gentoo.org/glsa/201606-10 - | |
References | () http://www.securityfocus.com/bid/76737 - | |
References | () http://www.openwall.com/lists/oss-security/2015/08/19/3 - | |
References | () https://bugs.php.net/bug.php?id=70168 - |
05 Aug 2022, 14:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:* cpe:2.3:a:php:php:5.4.43:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:* |
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
First Time |
Debian debian Linux
Debian |
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2015/08/19/3 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70155 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70168 - Exploit, Issue Tracking, Vendor Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3344 - Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70169 - Exploit, Issue Tracking, Vendor Advisory | |
References | (CONFIRM) http://www.php.net/ChangeLog-5.php - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=70166 - Exploit, Issue Tracking, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/76737 - Third Party Advisory, VDB Entry | |
References | (GENTOO) https://security.gentoo.org/glsa/201606-10 - Third Party Advisory | |
CWE | CWE-416 |
Information
Published : 2016-01-19 05:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-6831
Mitre link : CVE-2015-6831
CVE.ORG link : CVE-2015-6831
JSON object : View
Products Affected
debian
- debian_linux
php
- php
CWE
CWE-416
Use After Free