55 matches found

Prion
added 2016/05/16 10:59 a.m. | 41 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled...

CVSS 7.5 | AI score 8.3 | EPSS 0.35455
Exploits 4 | References 8 | Affected Software 1
CVE
added 2016/05/16 10:0 a.m. | 331 views

CVE-2015-6834

Summary: CVE-2015-6834 (and related CVEs 2015-6835, 2015-6836, 2015-6837/6838) are PHP unserialize-related use-after-free and type-confusion vulnerabilities. They affect PHP prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, enabling remote code execution via crafted serialized data ...

CVSS 9.8 | AI score 8.7 | EPSS 0.35455
Exploits 4 | References 8 | Affected Software 1
BDU FSTEC
added 2016/02/12 12:0 a.m. | 2 views

PHP interpreter vulnerabilities that allow attackers to execute arbitrary code

The multiple vulnerabilities of the PHP SPL interpreter library are related to the use of memory after it is freed. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code using classes like ArrayObject, SplObjectStorage, and SplDoublyLinkedList...

CVSS 7.5 | AI score 8.1 | EPSS 0.01156
Exploits 0 | References 7 | Affected Software 1
Hacker One
added 2016/02/02 10:39 a.m. | 28 views

Internet Bug Bounty: Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)

https://bugs.php.net/bug.php?id=71313...

AI score 6.9
Exploits 0
CNVD
added 2016/01/23 12:0 a.m. | 2 views

PHP SPL Deserialization Memory Misreference Vulnerability

PHP is a general-purpose scripting language that can be embedded in HTML. A memory misreference vulnerability in the PHP SPL deserialization implementation allows attackers to exploit special ArrayObject, SplObjectStorage, SplDoublyLinkedList related vectors to execute arbitrary code...

CVSS 7.5 | AI score 9.4 | EPSS 0.00451
Exploits 0 | References 1
0day.today
added 2015/09/09 12:0 a.m. | 15 views

PHP SplObjectStorage unserialize() Use-After-Free Vulnerabilities

Exploit for php platform in category dos / poc Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and...

AI score 7
Exploits 0
OSV
added 2015/09/09 12:0 a.m. | 1 views

UBUNTU-CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled...

CVSS 9.8 | AI score 7.5 | EPSS 0.35455
Exploits 4 | References 4
Exploit DB
added 2015/09/09 12:0 a.m. | 108 views

PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and crafted object's wakeup magic method that can be...

AI score 7.4
Exploits 0
exploitpack
added 2015/09/09 12:0 a.m. | 11 views

PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free

PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize Use-After-Free Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's...

AI score 0.1
Exploits 0
Packet Storm
added 2015/09/07 12:0 a.m. | 26 views

PHP 5.6 / 5.5 / 5.4 SplObjectStorage unserialize() Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.8.27 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization and crafted object's wakeup magic method that ca...

Exploits 0
UbuntuCve
added 2015/08/27 12:0 a.m. | 44 views

CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization...

CVSS 7.5 | AI score 7.2 | EPSS 0.01156
Exploits 0 | References 3
Hacker One
added 2015/08/27 12:0 a.m. | 314 views

Internet Bug Bounty: Use After Free Vulnerability in unserialize() with SplObjectStorage

https://bugs.php.net/bug.php?id=70365...

CVSS 7.5 | AI score 8.4 | EPSS 0.35455
Exploits 4
Tenable Nessus
added 2015/08/18 12:0 a.m. | 42 views

FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)

The PHP project reports: Core: - Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. - Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: - Fixed bug 70014 openssl_random_pseudo_bytes is not cryptographically secure...

CVSS 7.5 | AI score 8.3 | EPSS 0.01536
Exploits 0 | References 7
0day.today
added 2015/08/10 12:0 a.m. | 19 views

PHP SplObjectStorage Use-After-Free Exploit

A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date:...

AI score 8
Exploits 0
Packet Storm
added 2015/08/07 12:0 a.m. | 24 views

PHP SplObjectStorage Use-After-Free

Use After Free Vulnerability in unserialize with SplObjectStorage Taoguang Chen - Write Date: 2015.7.30 - Release Date: 2015.8.7 A use-after-free vulnerability was discovered in unserialize with SplObjectStorage object's deserialization that can be abused for leaking arbitrary memory blocks or...

AI score 7.4
Exploits 0
FreeBSD
added 2015/08/06 12:0 a.m. | 41 views

php5 -- multiple vulnerabilities

The PHP project reports: Core: Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: Fixed bug 70014 openssl_random_pseudo_bytes is not cryptographically secure. Phar:...

CVSS 7.5 | AI score 8.6 | EPSS 0.01536
Exploits 0 | References 3
Check Point Advisories
added 2014/09/21 12:0 a.m. | 19 views

PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)

A memory corruption vulnerability exists in PHP. The vulnerability is due to type confusion in the unserialize function for SPL ArrayObject and SPLObjectStorage. An attacker can exploit this vulnerability if the application uses the vulnerable function...

CVSS 7.5 | AI score 3.1 | EPSS 0.48662
Exploits 4
Tenable Nessus
added 2014/08/07 12:0 a.m. | 61 views

CentOS 7 : php (CESA-2014:1013)

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.5 | AI score 7.9 | EPSS 0.48662
Exploits 6 | References 11
RedHat Linux
added 2014/08/06 6:5 a.m. | 51 views

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.5 | AI score 7.3 | EPSS 0.48662
Exploits 6 | References 11
NVD
added 2014/07/09 11:7 a.m. | 27 views

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...

CVSS 7.5 | AI score 7.3 | EPSS 0.48662
Exploits 4 | References 15