PHP 'ext/standard/var.c' Incomplete Fix Use After Free Remote Code Execution Vulnerability

PHP is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

PHP 7.0.10 and prior are vulnerable.

Note : This issue is the result of an incomplete fix for the CVE-2015-6834 described in BID 76649 (PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities).


Privacy Statement
Copyright 2010, SecurityFocus