Vulnerability Name:

CVE-2015-6832 (CCN-110058)

Assigned:2015-08-19
Published:2015-08-19
Updated:2017-11-04
Summary:Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CWE-416: Use After Free
CVSS v3 Severity:7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-6832

Source: CCN
Type: PHP Web site
PHP 5 ChangeLog

Source: CCN
Type: RHSA-2016-0457
Moderate: rh-php56-php security update

Source: DEBIAN
Type: UNKNOWN
DSA-3344

Source: CCN
Type: oss-sec Mailing List, Wed, 19 Aug 2015 11:49:45 +0200
CVE Request: more php unserializing issues

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70068

Source: XF
Type: UNKNOWN
php-cve20156832-code-exec(110058)

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-6832

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.43)
  • OR cpe:/a:php:php:5.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha6:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.12:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.14:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.18:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.19:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.20:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.21:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.22:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.23:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.24:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.25:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.26:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.27:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20156832
    V
    		CVE-2015-6832
    2023-06-22
    oval:org.opensuse.security:def:9680
    P
    		Security update for libsndfile (Important)
    2022-01-11
    oval:org.opensuse.security:def:10438
    P
    		Security update for java-1_8_0-ibm (Important) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:9884
    P
    		Security update for go1.17 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:9634
    P
    		Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:38242
    P
    		Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:10371
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:9619
    P
    		Security update for python-Pygments (Important)
    2021-12-01
    oval:org.opensuse.security:def:10368
    P
    		Security update for ruby2.5 (Important)
    2021-12-01
    oval:org.opensuse.security:def:10175
    P
    		Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:9417
    P
    		Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:9612
    P
    		Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:10169
    P
    		Security update for Salt (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:9604
    P
    		Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:10162
    P
    		Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:10346
    P
    		Security update for curl (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:10153
    P
    		Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:9395
    P
    		Security update for libesmtp (Important)
    2021-09-03
    oval:org.opensuse.security:def:10147
    P
    		Security update for xerces-c (Important)
    2021-09-02
    oval:org.opensuse.security:def:11120
    P
    		Security update for libspf2 (Critical)
    2021-08-25
    oval:org.opensuse.security:def:10139
    P
    		Security update for djvulibre (Important)
    2021-08-20
    oval:org.opensuse.security:def:9387
    P
    		Security update for spice-vdagent (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:13900
    P
    		libgc1-7.2d-3.75 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14201
    P
    		libXrender1-0.9.8-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14176
    P
    		java-1_8_0-ibm-1.8.0_sr4.5-29.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14083
    P
    		apache2-2.4.23-28.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14064
    P
    		xinetd-2.3.15-7.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14046
    P
    		tcpdump-4.5.1-10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14929
    P
    		jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13998
    P
    		pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14907
    P
    		gpg2-2.0.24-9.8.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13930
    P
    		libmspack0-0.4-14.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14269
    P
    		libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13908
    P
    		libhogweed2-2.7.1-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14256
    P
    		libmodplug1-0.8.8.4-13.63 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14245
    P
    		libjson-c2-0.11-2.15 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:38769
    P
    		Security update for cpio (Important)
    2021-08-12
    oval:org.opensuse.security:def:9761
    P
    		Security update for nodejs8 (Important)
    2021-08-05
    oval:org.opensuse.security:def:11098
    P
    		Security update for claws-mail (Moderate)
    2021-07-16
    oval:org.opensuse.security:def:10296
    P
    		Security update for go1.15 (Important)
    2021-06-30
    oval:org.opensuse.security:def:9544
    P
    		Security update for ovmf (Important)
    2021-06-25
    oval:org.opensuse.security:def:9742
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:10111
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:9727
    P
    		Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:10277
    P
    		Security update for spice-gtk (Moderate)
    2021-06-10
    oval:org.opensuse.security:def:9525
    P
    		Security update for qemu (Important)
    2021-06-09
    oval:org.opensuse.security:def:15880
    P
    		php5-devel-5.5.14-39.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:124640
    P
    		php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16484
    P
    		libXv-devel-1.0.10-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16098
    P
    		php5-devel-5.5.14-73.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16668
    P
    		xen-devel-4.11.0_08-1.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16611
    P
    		libzypp-devel-16.19.0-2.36.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16526
    P
    		libjavascriptcoregtk-1_0-0-2.4.11-23.20 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16492
    P
    		libasm-devel-0.158-6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16348
    P
    		php5-devel-5.5.14-108.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16634
    P
    		php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10086
    P
    		Security update for dhcp (Important)
    2021-06-02
    oval:org.opensuse.security:def:10262
    P
    		Security update for curl (Moderate)
    2021-05-31
    oval:org.opensuse.security:def:9510
    P
    		Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:9708
    P
    		Security update for lz4 (Important)
    2021-05-19
    oval:org.opensuse.security:def:9695
    P
    		Security update for xen (Important)
    2021-04-30
    oval:org.opensuse.security:def:38658
    P
    		Security update for MozillaFirefox (Important)
    2021-04-28
    oval:org.opensuse.security:def:9686
    P
    		Security update for spamassassin (Important)
    2021-04-13
    oval:org.opensuse.security:def:9861
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:9862
    P
    		Security update for openssl-1_1 (Moderate)
    2021-03-09
    oval:org.opensuse.security:def:9463
    P
    		Security update for openldap2 (Important)
    2021-03-08
    oval:org.opensuse.security:def:10215
    P
    		Security update for python-cryptography (Important)
    2021-03-03
    oval:org.opensuse.security:def:9854
    P
    		Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:10396
    P
    		Security update for php7 (Important)
    2021-02-24
    oval:org.opensuse.security:def:38609
    P
    		Security update for ImageMagick (Moderate)
    2021-02-23
    oval:org.opensuse.security:def:9644
    P
    		Security update for the Linux Kernel (Important)
    2021-02-19
    oval:org.opensuse.security:def:9836
    P
    		Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:10585
    P
    		Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:16877
    P
    		libqt4-devel-4.8.7-8.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16845
    P
    		libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16735
    P
    		gegl-devel-0.2.0-14.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16699
    P
    		bsh2-2.0.0.b5-3.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16968
    P
    		sane-backends-devel-1.0.24-3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16946
    P
    		pango-devel-1.40.1-9.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16934
    P
    		ncurses-devel-5.9-64.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:10460
    P
    		lhasa-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10447
    P
    		gnome-settings-daemon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10563
    P
    		libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9925
    P
    		libtasn1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9912
    P
    		libqt4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9903
    P
    		libpng15-15 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17632
    P
    		Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:17606
    P
    		security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10011
    P
    		vsftpd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37907
    P
    		libkpathsea6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9992
    P
    		squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9977
    P
    		python-pywbem on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10835
    P
    		php5-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9930
    P
    		libupsclient1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38550
    P
    		autofs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10813
    P
    		libxml2-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38390
    P
    		libvdpau1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38300
    P
    		libical1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39449
    P
    		Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38140
    P
    		binutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39407
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38003
    P
    		memcached on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37919
    P
    		libmpfr4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38725
    P
    		libsnmp30 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37908
    P
    		libksba8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38697
    P
    		libmms0 on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20156832000
    V
    		CVE-2015-6832 on Ubuntu 12.04 LTS (precise) - medium.
    2016-01-19
    oval:com.ubuntu.trusty:def:20156832000
    V
    		CVE-2015-6832 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-01-19
    BACK
    php php *
    php php 5.5.0
    php php 5.5.0 alpha1
    php php 5.5.0 alpha2
    php php 5.5.0 alpha3
    php php 5.5.0 alpha4
    php php 5.5.0 alpha5
    php php 5.5.0 alpha6
    php php 5.5.0 beta1
    php php 5.5.0 beta2
    php php 5.5.0 beta3
    php php 5.5.0 beta4
    php php 5.5.0 rc1
    php php 5.5.0 rc2
    php php 5.5.1
    php php 5.5.2
    php php 5.5.3
    php php 5.5.4
    php php 5.5.5
    php php 5.5.6
    php php 5.5.7
    php php 5.5.8
    php php 5.5.9
    php php 5.5.10
    php php 5.5.11
    php php 5.5.12
    php php 5.5.13
    php php 5.5.14
    php php 5.5.18
    php php 5.5.19
    php php 5.5.20
    php php 5.5.21
    php php 5.5.22
    php php 5.5.23
    php php 5.5.24
    php php 5.5.25
    php php 5.5.26
    php php 5.5.27
    php php 5.6.0 alpha1
    php php 5.6.0 alpha2
    php php 5.6.0 alpha3
    php php 5.6.0 alpha4
    php php 5.6.0 alpha5
    php php 5.6.0 beta1
    php php 5.6.0 beta2
    php php 5.6.0 beta3
    php php 5.6.0 beta4
    php php 5.6.1
    php php 5.6.2
    php php 5.6.3
    php php 5.6.4
    php php 5.6.5
    php php 5.6.6
    php php 5.6.7
    php php 5.6.8
    php php 5.6.9
    php php 5.6.10
    php php 5.6.11
    php php 5.4.0