CVE-2015-6831
Published: 27 August 2015
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
precise |
Released
(5.3.10-1ubuntu3.20)
|
| trusty |
Released
(5.5.9+dfsg-1ubuntu4.13)
|
|
| upstream |
Released
(5.6.12+dfsg-1)
|
|
| vivid |
Released
(5.6.4+dfsg-4ubuntu6.3)
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=7381b6accc5559b2de039af3a22f6ec1003b03b3 upstream: http://git.php.net/?p=php-src.git;a=commit;h=c2e197e4efc663ca55f393bf0e799848842286f3 upstream: http://git.php.net/?p=php-src.git;a=commit;h=863bf294feb9ad425eadb94f288bc7f18673089d |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |