Description

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Remediation

References

CVE-2015-6834

Related Vulnerabilities

Oracle Database Server CVE-2006-0290 Vulnerability (CVE-2006-0290)

WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20965)

Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)

WordPress Plugin Backup and Restore WordPress-WPBackItUp Cross-Site Request Forgery (1.6.7)

Severity

Critical

Classification

CVE-2015-6834 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities