Home > Vulnerability Database > CVE-2015-6834

Mend.io Vulnerability Database

CVE-2015-6834

Date: May 16, 2016

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

Language: C

Severity Score

9.8

Related Resources (13)

Url: http://www.securityfocus.com/bid/76649

Url: https://bugs.php.net/bug.php?id=70365

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-6834

Url: https://bugs.php.net/bug.php?id=70366

Url: https://access.redhat.com/security/cve/CVE-2015-6834

Url: https://security-tracker.debian.org/tracker/CVE-2015-6834

Url: http://www.debian.org/security/2015/dsa-3358

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-6834

Url: http://www.securitytracker.com/id/1033548

Url: https://bugs.php.net/bug.php?id=70172

Url: http://php.net/ChangeLog-5.php

Url: https://security.gentoo.org/glsa/201606-10

Url: https://www.mend.io/vulnerability-database/CVE-2015-6834

Severity Score

9.8

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-6834

Date: May 16, 2016

Language: C

Severity Score

Related Resources (13)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?