← back
CVE-2015-6831

CVE-2015-6831

EPSS 7.1%
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.php.net/bug.php?id=70155https://bugs.php.net/bug.php?id=70166https://bugs.php.net/bug.php?id=70168https://bugs.php.net/bug.php?id=70169https://security.gentoo.org/glsa/201606-10http://www.debian.org/security/2015/dsa-3344http://www.openwall.com/lists/oss-security/2015/08/19/3http://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/bid/76737