Use-After-Free Vulnerability in PHP OPcache Extension by Zend Technologies
CVE-2015-1351

Currently unrated

Key Information:

Vendor

Oracle
Status
Secure Backup
Vendor
CVE Published:
30 March 2015

What is CVE-2015-1351?

A use-after-free vulnerability exists in the _zend_shared_memdup function within zend_shared_alloc.c of the OPcache extension of PHP. This flaw allows remote attackers to potentially exploit unhandled parameters in the memory allocation process, possibly causing a denial of service or leading to various unintended consequences. This vulnerability is present in PHP versions up to 5.6.7, necessitating immediate attention from users to ensure their systems remain secure.

References

http://www.securityfocus.com/bid/71929
vdb-entryx_refsource_BID
http://openwall.com/lists/oss-security/2015/01/24/9
mailing-listx_refsource_MLIST
http://lists.apple.com/archives/security-announce/2015/Se...
vendor-advisoryx_refsource_APPLE

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-1351 : Use-After-Free Vulnerability in PHP OPcache Extension by Zend Technologies