CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.189 Low (Percentile: 96.3%)
PHP versions 5.5.x prior to 5.5.21 and 5.6.x prior to 5.6.5 are exposed to the following issues:
A flaw exists in the ‘ereg(regex)’ component due to a NULL pointer dereference condition. Specifically, this issue affects the ‘/regex/regcomp.c’ source file. (Bug 68740)
A use-after-free memory error exists in the ‘opcache’ component. Specifically, this issue affects the ‘/ext/opcache/zend_shared_alloc.c’ source file. (Bug 68677 / CVE-2015-1351)
A flaw exists in the ‘zend_ts_hash_graceful_destroy’ function in the Zend Engine for PHP which exposes a double free vulnerability. Specifically, this issue affects the ‘zend_ts_hash.c’ source file. (Bug 68676 / CVE-2014-9425)
A flaw exists in the ‘pgsql’ component due to a NULL pointer dereference condition. Specifically, this issue affects the ‘token’ parameter of the ‘/ext/pgsql/pgsql.c’ source file. (Bug 68697 / CVE-2015-1352)
A remote attacker could exploit these vulnerabilities to crash the affected application, denying service to legitimate users.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
www.php.net/ChangeLog-5.php#5.5.21
www.php.net/ChangeLog-5.php#5.6.5
bugs.php.net/bug.php?id=68601
bugs.php.net/bug.php?id=68676
bugs.php.net/bug.php?id=68677
bugs.php.net/bug.php?id=68697
bugs.php.net/bug.php?id=68740