CVE-2015-6834

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.45 PHP versions 5.5.x prior to 5.5.29 PHP versions 5.6.x prior to 5.6.13

Description The issue is related to multiple use-after-free vulnerabilities in PHP, which can be exploited by a remote attacker to execute arbitrary code. This is achieved through vectors related to the Serializable interface, the SplObjectStorage class, and the SplDoublyLinkedList class, which are mishandled during unserialization.

Recommendations For PHP versions prior to 5.4.45, update to version 5.4.45 or later. For PHP versions 5.5.x prior to 5.5.29, update to version 5.5.29 or later. For PHP versions 5.6.x prior to 5.6.13, update to version 5.6.13 or later. As a temporary workaround, consider restricting the use of the Serializable interface, the SplObjectStorage class, and the SplDoublyLinkedList class to minimize the risk of exploitation.