CVE-2015-6838

CWE-476 — NULL Pointer Dereference10 documents9 sources

Severity

7.5HIGH

EPSS

3.8%

top 11.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP PHP Xmlsoft Libxml2

Timeline

PublishedMay 16

Latest updateMay 17

Description

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDxmlsoft/libxml22.9.1

▶Ubuntuphp5< 5.5.9+dfsg-1ubuntu4.13

▶NVDphp/php5.4.44+42

🔴Vulnerability Details

GHSA

GHSA-q5x2-3h44-rh43: The xsl_ext_function_php function in ext/xsl/xsltprocessor↗2022-05-17

▶

CVEList

CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor↗2016-05-16

▶

OSV

CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor↗2015-09-09

▶

💥Exploits & PoCs

Exploit-DB

ArcSight Logger - Arbitrary File Upload / Code Execution↗2015-03-13

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2015-09-30

▶

Red Hat

php: NULL pointer dereference in XSLTProcessor class↗2015-06-09

▶

Red Hat

php: NULL pointer dereference in XSLTProcessor class↗2015-06-09

▶

Apple

CVE-2015-6838: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks↗

▶

💬Community

Bugzilla

CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class↗2015-09-07

▶