Main Vulnerability Database Exploits ID:2560 - Exploit for Use-after-free error in PHP - CVE-2015-0273

ID:2560 - Exploit for Use-after-free error in PHP - CVE-2015-0273

Published: April 7, 2020

Vulnerability identifier: #VU16107

Vulnerability risk: High

CVE-ID: CVE-2015-0273

CWE-ID: CWE-416

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/36158/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

ID:2560 - Exploit for Use-after-free error in PHP - CVE-2015-0273

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human