CVE-2015-4116

high-risk
Published 2016-05-16

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Do I need to act?

~
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (13)

Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php
Php

Affected Vendors

Php Opensuse

References (10)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1cbd25ca15383394ffa9ee8601c5de4...
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://php.net/ChangeLog-5.php
Exploit https://bugs.php.net/bug.php?id=69737
Exploit https://www.htbridge.com/advisory/HTB23262
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1cbd25ca15383394ffa9ee8601c5de4...
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://php.net/ChangeLog-5.php
Exploit https://bugs.php.net/bug.php?id=69737
Exploit https://www.htbridge.com/advisory/HTB23262
56
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 17/34 · Moderate