Wind River Support Network

HomeDefectsLIN8-3765
Fixed

LIN8-3765 : Security Advisory - php - CVE-2015-6834

Created: May 31, 2016    Updated: Jul 6, 2016
Resolved Date: Jun 23, 2016
Found In Version: 8.0
Fix Version: 8.0.0.6
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.<a href=http://cwe.mitre.org/data/definitions/502.html>CWE-502: Deserialization of Untrusted Data</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6834

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube