Use-after-free vulnerability in PHP SPL unserialize implementation allows remote code execution

Use-after-free vulnerability in PHP SPL unserialize implementation allows remote code execution

CVE-2015-6832 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.