CVE-2015-6834
CRITICAL
PHP < 5.4.44 - Use After Free
Title source: ruleDescription
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Taoguang Chen · text · dos · php
https://www.exploit-db.com/exploits/38122
exploitdb
WORKING POC
VERIFIED
by Taoguang Chen · text · dos · php
https://www.exploit-db.com/exploits/38120
References (8)
Scores
CVSS v3: 9.8
EPSS: 0.3724
EPSS Percentile: 97.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (43)
php/php 5.5.0
php/php 5.5.1
php/php 5.5.2
php/php 5.5.3
php/php 5.5.4
php/php 5.5.5
php/php 5.5.6
php/php 5.5.7
php/php 5.5.8
php/php 5.5.9
... and 33 more
Published: May 16, 2016
Tracked Since: Feb 18, 2026