CVE-2015-6831

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12

Description The issue is related to multiple use-after-free vulnerabilities in the SPL library of the PHP interpreter, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved through vectors involving the ArrayObject, SplObjectStorage, and SplDoublyLinkedList classes, which are mishandled during unserialization.

Recommendations For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later. As a temporary workaround, consider restricting the use of the ArrayObject, SplObjectStorage, and SplDoublyLinkedList classes during unserialization until a patch is available.