CVE-2015-6832 — HIGH (7.3) — White Hats Nepal

Q: How severe is CVE-2015-6832?

CVE-2015-6832 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-6832?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CVSS Score

7.3

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Php	Php	<= 5.4.43

References

FAQ

What is CVE-2015-6832?

CVE-2015-6832 is a vulnerability with a CVSS score of 7.3 (HIGH). Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrar...

How severe is CVE-2015-6832?

CVE-2015-6832 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6832?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.