{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:25.000Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "DSA-3344", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3344"}, {"name": "76737", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76737"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=70169"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=70168"}, {"name": "[oss-security] 20150819 CVE Request: more php unserializing issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=70166"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=70155"}, {"name": "GLSA-201606-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201606-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-6831", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3344", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3344"}, {"name": "76737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76737"}, {"name": "https://bugs.php.net/bug.php?id=70169", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=70169"}, {"name": "https://bugs.php.net/bug.php?id=70168", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=70168"}, {"name": "[oss-security] 20150819 CVE Request: more php unserializing issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3"}, {"name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "https://bugs.php.net/bug.php?id=70166", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=70166"}, {"name": "https://bugs.php.net/bug.php?id=70155", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=70155"}, {"name": "GLSA-201606-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:36:33.268Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3344", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3344"}, {"name": "76737", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76737"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=70169"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=70168"}, {"name": "[oss-security] 20150819 CVE Request: more php unserializing issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=70166"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=70155"}, {"name": "GLSA-201606-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201606-10"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-6831", "datePublished": "2016-01-19T02:00:00.000Z", "dateReserved": "2015-09-08T00:00:00.000Z", "dateUpdated": "2024-08-06T07:36:33.268Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "A03A31A6-4CAC-4229-A1E4-FDC785765646", "versionEndExcluding": "5.4.44", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C0D35D-0789-471F-9252-FB4233D7E1F1", "versionEndExcluding": "5.5.28", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C946BEC6-918B-4C3F-9D2C-5FE90F693A2E", "versionEndExcluding": "5.6.12", "versionStartIncluding": "5.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de uso despu\u00e9s de liberaci\u00f3n de memoria en SPL en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario involucrando vectores (1) ArrayObject, (2) SplObjectStorage y (3) SplDoublyLinkedList, los cuales no son manejados adecuadamente durante la deserializaci\u00f3n."}], "id": "CVE-2015-6831", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-19T05:59:02.637", "references": [{"source": "security@opentext.com", "url": "http://www.debian.org/security/2015/dsa-3344"}, {"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3"}, {"source": "security@opentext.com", "url": "http://www.php.net/ChangeLog-5.php"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/76737"}, {"source": "security@opentext.com", "url": "https://bugs.php.net/bug.php?id=70155"}, {"source": "security@opentext.com", "url": "https://bugs.php.net/bug.php?id=70166"}, {"source": "security@opentext.com", "url": "https://bugs.php.net/bug.php?id=70168"}, {"source": "security@opentext.com", "url": "https://bugs.php.net/bug.php?id=70169"}, {"source": "security@opentext.com", "url": "https://security.gentoo.org/glsa/201606-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.php.net/ChangeLog-5.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=70155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=70166"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=70168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=70169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201606-10"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-0:5.6.5-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-0:5.6.5-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-0:5.6.5-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.5-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.5-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0457", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.5-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-03-15T00:00:00Z"}], "bugzilla": {"description": "php: Use After Free Vulnerability in unserialize()", "id": "1256290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1256290"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.", "A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."], "name": "CVE-2015-6831", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}], "public_date": "2015-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-6831\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6831"], "threat_severity": "Moderate"}