Arbitrary Code Execution

2019-05-0205:04:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

php is vulnerable to arbitrary code execution. The vulnerability exists through a use-after-free vulnerability in ext/spl/spl_array.c in the SPL component.

CPENameOperatorVersion
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php53eq5.3.3__1.el5_6.1
php53eq5.3.3__1.el5_7.5
php53eq5.3.3__13.el5_8
php53eq5.3.3__22.el5_10
php53eq5.3.3__1.el5
php53eq5.3.3__13.el5_9.1
php53eq5.3.3__1.el5_7.6

Name	Operator	Version
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php53	eq	5.3.3__1.el5_6.1
php53	eq	5.3.3__1.el5_7.5
php53	eq	5.3.3__13.el5_8
php53	eq	5.3.3__22.el5_10
php53	eq	5.3.3__1.el5
php53	eq	5.3.3__13.el5_9.1
php53	eq	5.3.3__1.el5_7.6