CVE-2015-6835

Published: 9 September 2015

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	precise	Released (5.3.10-1ubuntu3.20)
	trusty	Released (5.5.9+dfsg-1ubuntu4.13)
	upstream	Released (5.5.29,5.6.13)
	vivid	Released (5.6.4+dfsg-4ubuntu6.3)
	Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=df4bf28f9f104ca3ef78ed94b497859f15b004e5 upstream: http://git.php.net/?p=php-src.git;a=commit;h=fc8eff897bd7fe3fed7f6867d2d6a86117a5278d upstream: http://git.php.net/?p=php-src.git;a=commit;h=9c35f87e9aac29fb8f574f99edc09b344380aef0 upstream: http://git.php.net/?p=php-src.git;a=commit;h=6290344d96bc31a5c4f682ac5d94d9f30c01d4df upstream: http://git.php.net/?p=php-src.git;a=commit;h=37c85ebb9469b4411bb5d144e6d9ec525ea552a1

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

https://bugs.php.net/bug.php?id=70219

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›