Wind River Support Network

HomeDefectsLIN6-11350
Fixed

LIN6-11350 : Security Advisory - php - CVE-2015-6834

Created: May 31, 2016    Updated: Dec 3, 2018
Resolved Date: Jun 28, 2016
Found In Version: 6.0.0.29
Fix Version: 6.0.0.31
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.<a href=http://cwe.mitre.org/data/definitions/502.html>CWE-502: Deserialization of Untrusted Data</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6834

Other Downloads


Live chat
Online