CVE-2015-6832
Published: 27 August 2015
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.
Priority
Status
Package | Release | Status |
---|---|---|
php5 | precise | Released (5.3.10-1ubuntu3.20) |
php5 | trusty | Released (5.5.9+dfsg-1ubuntu4.13) |
php5 | upstream | Released (5.6.12+dfsg-1) |
php5 | vivid | Released (5.6.4+dfsg-4ubuntu6.3) |

Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=b7fa67742cd8d2b0ca0c0273b157f6ffee9ad6e2
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |