CVE-2015-6832
Published: 27 August 2015
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.
Priority
CVSS 3 base score: 7.3
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.6.12+dfsg-1)
|
precise |
Released
(5.3.10-1ubuntu3.20)
|
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.13)
|
|
vivid |
Released
(5.6.4+dfsg-4ubuntu6.3)
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=b7fa67742cd8d2b0ca0c0273b157f6ffee9ad6e2 |