CVE-2015-1351

CWE-416 — Use After Free10 documents8 sources

Severity

7.5HIGH

EPSS

19.1%

top 4.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP PHP Apple MAC OS X Oracle Secure Backup +2 more

Timeline

PublishedMar 30

Latest updateMay 13

Description

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶NVDphp/php5.6.0 — 5.6.8+1

▶Ubuntuphp5< 5.5.9+dfsg-1ubuntu4.6

▶NVDapple/mac_os_x10.6.8

▶NVDoracle/secure_backup12.1.0.1.0

▶NVDoracle/linux6, 7+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-4p3m-vcw5-28gr: Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc↗2022-05-13

▶

CVEList

CVE-2015-1351: Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc↗2015-03-30

▶

OSV

CVE-2015-1351: Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc↗2015-01-26

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2015-02-17

▶

Red Hat

php: use after free in opcache extension↗2014-12-29

▶

Apple

CVE-2015-1351: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2015-1351 php-pecl-zendopcache: php: use after free in opcache extension [epel-all]↗2015-04-08

▶

Bugzilla

CVE-2015-1351 CVE-2015-1352 CVE-2015-1353 php: various flaws [fedora-all]↗2015-01-26

▶

Bugzilla

CVE-2015-1351 php: use after free in opcache extension↗2015-01-26

▶