CVE-2015-1351 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-1351?

CVE-2015-1351 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1351?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Secure Backup, Apple Mac Os X, Php Php, Oracle Linux, Oracle Solaris.

Vulnerability Description

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Oracle	Secure Backup	<= 12.1.0.1.0
Apple	Mac Os X	<= 10.6.8
Php	Php	< 5.5.24
Oracle	Linux	6
Oracle	Solaris	11.2

Related Weaknesses (CWE)

CWE-416

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2015/01/24/9Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1053.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1066.htmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079Broken Link
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatchVendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.hThird Party Advisory
http://www.securityfocus.com/bid/71929Third Party AdvisoryVDB Entry
https://bugs.php.net/bug.php?id=68677Exploit
https://security.gentoo.org/glsa/201606-10Third Party Advisory
https://support.apple.com/HT205267Vendor Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2015-1351?

CVE-2015-1351 is a vulnerability with a CVSS score of 7.5 (HIGH). Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly h...

How severe is CVE-2015-1351?

CVE-2015-1351 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1351?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Secure Backup, Apple Mac Os X, Php Php, Oracle Linux, Oracle Solaris.