CVE-2015-6838

Published: 16/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13, when libxml2 prior to 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

Vulnerable Product

php php 5.6.0

php php 5.6.1

php php 5.6.2

php php 5.6.3

php php 5.6.4

php php 5.6.5

php php 5.6.6

php php 5.6.7

php php 5.6.8

php php 5.6.9

php php 5.6.10

php php 5.6.11

php php 5.6.12

xmlsoft libxml2

php php 5.5.0

php php 5.5.1

php php 5.5.2

php php 5.5.3

php php 5.5.4

php php 5.5.5

php php 5.5.6

php php 5.5.7

php php 5.5.8

php php 5.5.9

php php 5.5.10

php php 5.5.11

php php 5.5.12

php php 5.5.13

php php 5.5.14

php php 5.5.15

php php 5.5.16

php php 5.5.17

php php 5.5.18

php php 5.5.19

php php 5.5.20

php php 5.5.21

php php 5.5.22

php php 5.5.23

php php 5.5.24

php php 5.5.25

php php 5.5.26

php php 5.5.27

php php 5.5.28

php php

Vendor Advisories

Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions (5.4.45 and 5.6.13), which include additional bug fixes. Please refer to the upstream changelog for more information: php.net/ChangeLog-5 ...
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets ...
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets (CVE-2015-6837, CVE ...
As reported upstream (bugs.php.net/bug.php?id=69720), A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash (CVE-2015-7803). A flaw was discovered in the way PHP performed object unserialization. Specially crafted input pr ...