CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	*	5.4.43 (including)
Php	Php	5.5.0 (including)	5.5.0 (including)
Php	Php	5.5.0-alpha1 (including)	5.5.0-alpha1 (including)
Php	Php	5.5.0-alpha2 (including)	5.5.0-alpha2 (including)
Php	Php	5.5.0-alpha3 (including)	5.5.0-alpha3 (including)
Php	Php	5.5.0-alpha4 (including)	5.5.0-alpha4 (including)
Php	Php	5.5.0-alpha5 (including)	5.5.0-alpha5 (including)
Php	Php	5.5.0-alpha6 (including)	5.5.0-alpha6 (including)
Php	Php	5.5.0-beta1 (including)	5.5.0-beta1 (including)
Php	Php	5.5.0-beta2 (including)	5.5.0-beta2 (including)
Php	Php	5.5.0-beta3 (including)	5.5.0-beta3 (including)
Php	Php	5.5.0-beta4 (including)	5.5.0-beta4 (including)
Php	Php	5.5.0-rc1 (including)	5.5.0-rc1 (including)
Php	Php	5.5.0-rc2 (including)	5.5.0-rc2 (including)
Php	Php	5.5.1 (including)	5.5.1 (including)
Php	Php	5.5.2 (including)	5.5.2 (including)
Php	Php	5.5.3 (including)	5.5.3 (including)
Php	Php	5.5.4 (including)	5.5.4 (including)
Php	Php	5.5.5 (including)	5.5.5 (including)
Php	Php	5.5.6 (including)	5.5.6 (including)
Php	Php	5.5.7 (including)	5.5.7 (including)
Php	Php	5.5.8 (including)	5.5.8 (including)
Php	Php	5.5.9 (including)	5.5.9 (including)
Php	Php	5.5.10 (including)	5.5.10 (including)
Php	Php	5.5.11 (including)	5.5.11 (including)
Php	Php	5.5.12 (including)	5.5.12 (including)
Php	Php	5.5.13 (including)	5.5.13 (including)
Php	Php	5.5.14 (including)	5.5.14 (including)
Php	Php	5.5.18 (including)	5.5.18 (including)
Php	Php	5.5.19 (including)	5.5.19 (including)
Php	Php	5.5.20 (including)	5.5.20 (including)
Php	Php	5.5.21 (including)	5.5.21 (including)
Php	Php	5.5.22 (including)	5.5.22 (including)
Php	Php	5.5.23 (including)	5.5.23 (including)
Php	Php	5.5.24 (including)	5.5.24 (including)
Php	Php	5.5.25 (including)	5.5.25 (including)
Php	Php	5.5.26 (including)	5.5.26 (including)
Php	Php	5.5.27 (including)	5.5.27 (including)
Php	Php	5.6.0-alpha1 (including)	5.6.0-alpha1 (including)
Php	Php	5.6.0-alpha2 (including)	5.6.0-alpha2 (including)
Php	Php	5.6.0-alpha3 (including)	5.6.0-alpha3 (including)
Php	Php	5.6.0-alpha4 (including)	5.6.0-alpha4 (including)
Php	Php	5.6.0-alpha5 (including)	5.6.0-alpha5 (including)
Php	Php	5.6.0-beta1 (including)	5.6.0-beta1 (including)
Php	Php	5.6.0-beta2 (including)	5.6.0-beta2 (including)
Php	Php	5.6.0-beta3 (including)	5.6.0-beta3 (including)
Php	Php	5.6.0-beta4 (including)	5.6.0-beta4 (including)
Php	Php	5.6.1 (including)	5.6.1 (including)
Php	Php	5.6.2 (including)	5.6.2 (including)
Php	Php	5.6.3 (including)	5.6.3 (including)
Php	Php	5.6.4 (including)	5.6.4 (including)
Php	Php	5.6.5 (including)	5.6.5 (including)
Php	Php	5.6.6 (including)	5.6.6 (including)
Php	Php	5.6.7 (including)	5.6.7 (including)
Php	Php	5.6.8 (including)	5.6.8 (including)
Php	Php	5.6.9 (including)	5.6.9 (including)
Php	Php	5.6.10 (including)	5.6.10 (including)
Php	Php	5.6.11 (including)	5.6.11 (including)
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	rh-php56-php-0:5.6.5-8.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS	RedHat	rh-php56-php-0:5.6.5-8.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS	RedHat	rh-php56-php-0:5.6.5-8.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-php56-php-0:5.6.5-8.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS	RedHat	rh-php56-php-0:5.6.5-8.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS	RedHat	rh-php56-php-0:5.6.5-8.el7	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	esm-infra-legacy/trusty	*
Php5	Ubuntu	precise	*
Php5	Ubuntu	trusty	*
Php5	Ubuntu	trusty/esm	*
Php5	Ubuntu	upstream	*
Php5	Ubuntu	vivid	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-6832
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References