Main Vulnerability Database Vulnerabilities #VU40518

Input validation error in PHP - CVE-2015-6831

Published: January 19, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40518

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-6831

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PHP Group

Affected software:
PHP

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

How to mitigate CVE-2015-6831

Install update from vendor's website.

Input validation error in PHP - CVE-2015-6831

Detailed vulnerability description

How to mitigate CVE-2015-6831

Sources

Please verify you're human