Description

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Remediation

References

CVE-2015-6832

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6729)

Ruby CVE-2018-16395 Vulnerability (CVE-2018-16395)

Nexus Repository Manager CVE-2019-15893 Vulnerability (CVE-2019-15893)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7572)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

Severity

High

Classification

CVE-2015-6832 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities