Description

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Remediation

References

CVE-2015-4116

Related Vulnerabilities

WordPress Plugin Estatik Real Estate Cross-Site Request Forgery (3.8.3)

WordPress Plugin Bug Library Cross-Site Scripting (1.4.2)

MySQL CVE-2012-0112 Vulnerability (CVE-2012-0112)

IBM RTC Improper Neutralization of HTTP Headers for Scripting Syntax Vulnerability (CVE-2024-51454)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Critical

Classification

CVE-2015-4116 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities