CVE-2015-6837

Severity: 7.5 HIGH
EPSS: 3.8% (top 11.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: published May 16, latest update May 17

Description

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
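The bug pattern the description names, as an added worked example: a value stack whose pop returns NULL when it is empty, a free routine that reads through its argument before checking it, and the error-path cleanup loop in its vulnerable and hardened forms. This is constructed for this page and is not PHP's ext/xsl/xsltprocessor.c or libxml2 code; the page does not give the XML/XSLT shape that drives the stack into this state, so the example only models the mismatch (more arguments to discard than values on the stack). All type and function names (xp_object, xp_ctxt, value_pop, value_push, free_object, error_path_vulnerable, error_path_fixed, demo) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the CVE-2015-6837 pattern. This is not PHP's
 * ext/xsl/xsltprocessor.c and not libxml2; the names xp_object, xp_ctxt,
 * value_pop, value_push, free_object, error_path_* and demo are this
 * example's own. */

typedef struct {
    int   type;
    char *stringval;
} xp_object;

typedef struct {
    xp_object *stack[8];
    int        value_nr;   /* values currently on the stack */
} xp_ctxt;

/* Like libxml2's valuePop(): an empty stack yields NULL, not an error.
 * That NULL is the case the vulnerable cleanup loop did not consider. */
static xp_object *value_pop(xp_ctxt *ctxt)
{
    if (ctxt == NULL || ctxt->value_nr <= 0)
        return NULL;
    return ctxt->stack[--ctxt->value_nr];
}

static void value_push(xp_ctxt *ctxt, xp_object *obj)
{
    if (ctxt->value_nr < (int)(sizeof ctxt->stack / sizeof ctxt->stack[0]))
        ctxt->stack[ctxt->value_nr++] = obj;
}

static xp_object *new_string_object(const char *s)
{
    xp_object *o = calloc(1, sizeof *o);
    if (o == NULL)
        return NULL;
    o->type = 1;
    o->stringval = malloc(strlen(s) + 1);
    if (o->stringval != NULL)
        strcpy(o->stringval, s);
    return o;
}

/* Free routine that reads through the pointer before checking it, standing in
 * for the libxml2 releases the advisory names (before 2.9.2), where passing
 * NULL ends in a null pointer dereference. */
static void free_object(xp_object *obj)
{
    free(obj->stringval);   /* obj == NULL faults here */
    free(obj);
}

/* Vulnerable error path: the PHP-side checks failed, so the function drops
 * its nargs arguments. With fewer than nargs values on the stack, value_pop()
 * returns NULL and free_object(NULL) crashes the process. Never call this with
 * nargs greater than the number of values pushed. */
void error_path_vulnerable(xp_ctxt *ctxt, int nargs)
{
    for (int i = nargs - 1; i >= 0; i--) {
        xp_object *obj = value_pop(ctxt);
        free_object(obj);
    }
}

/* Hardened error path: the same loop with the NULL result skipped. Returns
 * the number of objects actually freed so the mismatch stays visible. */
int error_path_fixed(xp_ctxt *ctxt, int nargs)
{
    int freed = 0;
    for (int i = nargs - 1; i >= 0; i--) {
        xp_object *obj = value_pop(ctxt);
        if (obj != NULL) {
            free_object(obj);
            freed++;
        }
    }
    return freed;
}

/* Push `pushed` string arguments, then run the fixed error path as if the
 * extension function had been invoked with `nargs` arguments. */
int demo(int pushed, int nargs)
{
    xp_ctxt ctxt;
    memset(&ctxt, 0, sizeof ctxt);
    for (int i = 0; i < pushed; i++)
        value_push(&ctxt, new_string_object("arg"));
    return error_path_fixed(&ctxt, nargs);
}

int main(void)
{
    /* One value on the stack, three expected: the vulnerable loop faults on
     * its second pop; the fixed loop frees one object and returns. */
    printf("freed %d of 3 requested\n", demo(1, 3));
    return 0;
}
```

The point a reviewer should take from the fixed loop is that a NULL from the pop is not an error to report; the values were never there, so the only safe action is to skip the free. Whether a given libxml2 tolerates a NULL in its free routine is exactly the "libxml2 before 2.9.2" condition in the description, and code that pops values it did not push should not rely on the library to catch it.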

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
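The sub-scores and the 7.5 base score follow from that vector by the CVSS v3.0 formulas: ISS = 1 - (1 - C)(1 - I)(1 - A) = 0.56, Impact = 6.42 * ISS = 3.5952, Exploitability = 8.22 * 0.85 * 0.77 * 0.85 * 0.85 = 3.887, Base = Roundup(min(Impact + Exploitability, 10)) = Roundup(7.482) = 7.5. As an added example, not from the page, the same arithmetic in C: it parses the vector string and reproduces 3.9, 3.6 and 7.5, and it also handles scope-changed (S:C) vectors, which go beyond this page's case. The weights are the v3.0 specification's; cvss3_score, cvss3_base, cvss3_field, weight, roundup1 and nearest1 are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example: the CVSS v3.0 base-score arithmetic behind the numbers on this
 * page. Weights are the v3.0 specification's; cvss3_score, cvss3_base, cvss3_field,
 * weight, roundup1 and nearest1 are names chosen for this example. Scope-changed
 * (S:C) vectors are handled too, though this page's vector is S:U. */

typedef struct {
    double exploitability;   /* sub-score, one decimal */
    double impact;           /* sub-score, one decimal */
    double base;             /* Roundup(min(impact + exploitability, 10)) */
} cvss3_score;

/* CVSS "Roundup": smallest one-decimal value >= x, done on integers so that
 * 3.5952 -> 3.6 and 7.48224 -> 7.5 without floating-point drift. */
static double roundup1(double x)
{
    long i = (long)(x * 100000.0 + 0.5);
    return (i % 10000 == 0) ? i / 100000.0 : (i / 10000 + 1) / 10.0;
}

/* Sub-scores are shown to one decimal, rounded to nearest. */
static double nearest1(double x) { return (long)(x * 10.0 + 0.5) / 10.0; }

/* Weight of metric value v; opts lists the legal letters in the order of
 * weights. Unknown or missing letter gives -1. */
static double weight(const char *opts, const double *weights, char v)
{
    const char *p = v ? strchr(opts, v) : NULL;
    return p ? weights[p - opts] : -1.0;
}

/* Parse a v3.0 vector and fill *out. Returns 0, or -1 if it is malformed. */
int cvss3_base(const char *vector, cvss3_score *out)
{
    double av = -1, ac = -1, ui = -1, c = -1, i = -1, a = -1, pr;
    char pr_letter = 0, scope = 0, buf[128];
    if (strlen(vector) >= sizeof buf)
        return -1;
    strcpy(buf, vector);
    for (char *tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strncmp(tok, "CVSS:", 5) == 0)
            continue;
        char *sep = strchr(tok, ':');
        if (sep == NULL || sep[1] == '\0' || sep[2] != '\0')
            return -1;
        char v = sep[1];
        *sep = '\0';
        if (!strcmp(tok, "AV"))      av = weight("NALP", (double[]){0.85, 0.62, 0.55, 0.2}, v);
        else if (!strcmp(tok, "AC")) ac = weight("LH", (double[]){0.77, 0.44}, v);
        else if (!strcmp(tok, "UI")) ui = weight("NR", (double[]){0.85, 0.62}, v);
        else if (!strcmp(tok, "C"))  c = weight("HLN", (double[]){0.56, 0.22, 0.0}, v);
        else if (!strcmp(tok, "I"))  i = weight("HLN", (double[]){0.56, 0.22, 0.0}, v);
        else if (!strcmp(tok, "A"))  a = weight("HLN", (double[]){0.56, 0.22, 0.0}, v);
        else if (!strcmp(tok, "PR")) pr_letter = v;   /* weight depends on scope */
        else if (!strcmp(tok, "S"))  scope = v;
        else return -1;
    }
    int changed = scope == 'C';
    if (scope != 'U' && !changed)
        return -1;
    /* PR: N 0.85; L 0.62 (S:U) / 0.68 (S:C); H 0.27 (S:U) / 0.50 (S:C). */
    pr = weight("NLH", changed ? (double[]){0.85, 0.68, 0.50}
                               : (double[]){0.85, 0.62, 0.27}, pr_letter);
    if (av < 0 || ac < 0 || pr < 0 || ui < 0 || c < 0 || i < 0 || a < 0)
        return -1;

    double iss = 1.0 - (1.0 - c) * (1.0 - i) * (1.0 - a);
    double impact = 6.42 * iss;
    if (changed) {
        double p = 1.0;
        for (int k = 0; k < 15; k++)   /* (iss - 0.02)^15 without libm */
            p *= iss - 0.02;
        impact = 7.52 * (iss - 0.029) - 3.25 * p;
    }
    double expl = 8.22 * av * ac * pr * ui;
    double sum = changed ? 1.08 * (impact + expl) : impact + expl;
    out->exploitability = nearest1(expl);
    out->impact = nearest1(impact);
    out->base = impact <= 0 ? 0.0 : roundup1(sum > 10.0 ? 10.0 : sum);
    return 0;
}

/* One field ('E' exploitability, 'I' impact, 'B' base), or -1.0 if malformed. */
double cvss3_field(const char *vector, char which)
{
    cvss3_score s;
    if (cvss3_base(vector, &s) != 0)
        return -1.0;
    return which == 'E' ? s.exploitability : which == 'I' ? s.impact : s.base;
}

int main(void)
{
    const char *v = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H";
    printf("exploitability %.1f  impact %.1f  base %.1f\n",
           cvss3_field(v, 'E'), cvss3_field(v, 'I'), cvss3_field(v, 'B'));
    return 0;
}
```

The rounding helper works on integers because the specification's Roundup is defined on the decimal value, and a naive ceil(x * 10) / 10 can tip a value such as 4.0000000001 up to 4.1. The whole 7.5 here comes from availability alone (C:N/I:N), which is why a remote unauthenticated crash with no data exposure still lands in the HIGH band.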

Affected Packages (3 packages)

NVD: xmlsoft/libxml2 2.9.1
Ubuntu: php5 < 5.5.9+dfsg-1ubuntu4.13
NVD: php/php 5.4.44 (+42 more)
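A version check against the ranges in the description, as an added example and not something from the page: both conditions have to hold for the crash to be reachable as described, PHP below the fix release of its branch (5.4.45, 5.5.29, 5.6.13) and libxml2 below 2.9.2. The names semver, parse_semver, semver_cmp and cve_2015_6837_affected are this example's own.

```c
#include <stdio.h>

/* Added example, not from the advisory: test a PHP / libxml2 version pair
 * against the ranges in the CVE description. Both must hold: PHP below the
 * fix release for its branch (5.4.45, 5.5.29, 5.6.13) and libxml2 below
 * 2.9.2. semver, parse_semver, semver_cmp and cve_2015_6837_affected are
 * names chosen for this example. */

typedef struct { int major, minor, patch; } semver;

/* Reads the leading "M.m.p"; a distro suffix such as "+dfsg-1ubuntu4.13" is
 * ignored, which is exactly why this check is not enough for distro builds. */
static int parse_semver(const char *s, semver *v)
{
    return sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) == 3 ? 0 : -1;
}

static int semver_cmp(semver a, semver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* 1 = inside the affected ranges, 0 = outside, -1 = a version did not parse. */
int cve_2015_6837_affected(const char *php_version, const char *libxml2_version)
{
    semver php, lx, fixed;
    const semver libxml2_fixed = { 2, 9, 2 };

    if (parse_semver(php_version, &php) != 0 || parse_semver(libxml2_version, &lx) != 0)
        return -1;

    /* With libxml2 2.9.2 or later the description's precondition is gone. */
    if (semver_cmp(lx, libxml2_fixed) >= 0)
        return 0;

    /* Select the fix release for the PHP branch. "before 5.4.45" covers
     * 5.4.x and everything older. */
    if (php.major == 5 && php.minor == 6)
        fixed = (semver){ 5, 6, 13 };
    else if (php.major == 5 && php.minor == 5)
        fixed = (semver){ 5, 5, 29 };
    else if (php.major < 5 || (php.major == 5 && php.minor <= 4))
        fixed = (semver){ 5, 4, 45 };
    else
        return 0;   /* 5.7+/7.x: not in any range the advisory lists */

    return semver_cmp(php, fixed) < 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample pairs, not real hosts. */
    const char *pairs[][2] = {
        { "5.5.28", "2.9.1" }, { "5.5.29", "2.9.1" },
        { "5.6.12", "2.9.2" }, { "5.4.44", "2.8.0" },
    };
    for (size_t k = 0; k < sizeof pairs / sizeof pairs[0]; k++)
        printf("php %s + libxml2 %s -> %d\n", pairs[k][0], pairs[k][1],
               cve_2015_6837_affected(pairs[k][0], pairs[k][1]));
    return 0;
}
```

Two caveats for anyone using this on real hosts. First, the libxml2 that matters is the one PHP was built against, which PHP reports through the LIBXML_DOTTED_VERSION constant, not necessarily the system library. Second, distribution packages backport fixes without bumping the upstream version: the Ubuntu entry above fixes the bug in a package that still reports 5.5.9, so for distro builds the package changelog, not the version string, is the authoritative check.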

🔴 Vulnerability Details (3)

GHSA: GHSA-6mjv-wh4q-f383: The xsl_ext_function_php function in ext/xsl/xsltprocessor (2022-05-17)
CVEList: CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor (2016-05-16)
OSV: CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor (2015-09-09)

📋 Vendor Advisories (4)

Ubuntu: PHP vulnerabilities (2015-09-30)
Red Hat: php: NULL pointer dereference in XSLTProcessor class (2015-06-09)
Red Hat: php: NULL pointer dereference in XSLTProcessor class (2015-06-09)
Apple: CVE-2015-6837: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks

💬 Community (1)

Bugzilla: CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class (2015-09-07)
CVE-2015-6837 (HIGH CVSS 7.5) | The xsl_ext_function_php function i | cvebase.io