Lucene search

K
osvGoogleOSV:DLA-341-1
HistoryNov 08, 2015 - 12:00 a.m.

php5 - security update

2015-11-0800:00:00
Google
osv.dev
59

EPSS

0.201

Percentile

96.4%

  • CVE-2015-6831
    Use after free vulnerability was found in unserialize() function.
    We can create ZVAL and free it via Serializable::unserialize.
    However the unserialize() will still allow to use R: or r: to set
    references to that already freed memory. It is possible to
    use-after-free attack and execute arbitrary code remotely.
  • CVE-2015-6832
    Dangling pointer in the unserialization of ArrayObject items.
  • CVE-2015-6833
    Files extracted from archive may be placed outside of destination
    directory
  • CVE-2015-6834
    Use after free vulnerability was found in unserialize() function.
    We can create ZVAL and free it via Serializable::unserialize.
    However the unserialize() will still allow to use R: or r: to set
    references to that already freed memory. It is possible to
    use-after-free attack and execute arbitrary code remotely.
  • CVE-2015-6836
    A type confusion occurs within SOAP serialize_function_call due
    to an insufficient validation of the headers field.
    In the SoapClient’s __call method, the verify_soap_headers_array
    check is applied only to headers retrieved from
    zend_parse_parameters; problem is that a few lines later,
    soap_headers could be updated or even replaced with values from
    the __default_headers object fields.
  • CVE-2015-6837
    The XSLTProcessor class misses a few checks on the input from the
    libxslt library. The valuePop() function call is able to return
    NULL pointer and php does not check that.
  • CVE-2015-6838
    The XSLTProcessor class misses a few checks on the input from the
    libxslt library. The valuePop() function call is able to return
    NULL pointer and php does not check that.
  • CVE-2015-7803
    A NULL pointer dereference flaw was found in the way PHP’s Phar
    extension parsed Phar archives. A specially crafted archive could
    cause PHP to crash.
  • CVE-2015-7804
    An uninitialized pointer use flaw was found in the
    phar_make_dirstream() function of PHP’s Phar extension.
    A specially crafted phar file in the ZIP format with a directory
    entry with a file name “/ZIP” could cause a PHP application
    function to crash.