CVE-2015-1351
php: use after free in opcache extension
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos.
A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory.
S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code. It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages has been patched to address the flaw. Additionally the php-xdebug package has been upgraded to the latest 2.3.2 and the PECL packages which requires so has been rebuilt for php-5.5.23.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-24 CVE Reserved
- 2015-02-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2015/01/24/9 | Mailing List | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/71929 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=68677 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2015-1053.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2015-1066.html | 2023-11-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201606-10 | 2023-11-07 | |
| https://support.apple.com/HT205267 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2015-1351 | 2015-06-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1185900 | 2015-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Secure Backup Search vendor "Oracle" for product "Secure Backup" | <= 12.1.0.1.0 Search vendor "Oracle" for product "Secure Backup" and version " <= 12.1.0.1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.6.8 Search vendor "Apple" for product "Mac Os X" and version " <= 10.6.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | < 5.5.24 Search vendor "Php" for product "Php" and version " < 5.5.24" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 < 5.6.8 Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.8" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 6 Search vendor "Oracle" for product "Linux" and version "6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.2 Search vendor "Oracle" for product "Solaris" and version "11.2" | - |
Affected
| ||||||