CVE-2015-4116
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
| Software | From | Fixed in |
|---|---|---|
| opensuse / leap | 42.1 | 42.1.x |
| php / php | 5.6.1 | 5.6.1.x |
| php / php | 5.6.5 | 5.6.5.x |
| php / php | 5.6.0 | 5.6.0.x |
| php / php | 5.6.4 | 5.6.4.x |
| php / php | 5.6.6 | 5.6.6.x |
| php / php | 5.6.2 | 5.6.2.x |
| php / php | 5.6.10 | 5.6.10.x |
| php / php | 5.6.7 | 5.6.7.x |
| php / php | - | 5.5.26.x |
| php / php | 5.6.9 | 5.6.9.x |
| php / php | 5.6.3 | 5.6.3.x |
| php / php | 5.6.8 | 5.6.8.x |
- http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
- http://php.net/ChangeLog-5.php
- https://bugs.php.net/bug.php?id=69737
- https://www.htbridge.com/advisory/HTB23262
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime