Description

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Remediation

References

CVE-2015-6834

Related Vulnerabilities

Lodash Other Vulnerability (CVE-2019-10744)

PHP Numeric Errors Vulnerability (CVE-2011-1092)

PHP Improper Access Control Vulnerability (CVE-2016-5385)

Internet Information Services Other Vulnerability (CVE-1999-0449)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2376)

Severity

Critical

Classification

CVE-2015-6834 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities