CVE-2015-4601
Published: 23 June 2015
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
Notes
Author | Note |
---|---|
mdeslaur | commit already in CVE-2015-4147 |
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.4.39,5.5.23,5.6.7)
|
precise |
Released
(5.3.10-1ubuntu3.19)
|
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.11)
|
|
utopic |
Released
(5.5.12+dfsg-2ubuntu4.6)
|
|
vivid |
Released
(5.6.4+dfsg-4ubuntu6.2)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 (5.4-5.6) |