Use-After-Free Vulnerability in PHP OPcache Extension by Zend Technologies
CVE-2015-1351

Currently unrated

Key Information:

Vendor: Oracle
Status: Secure Backup
Vendor: CVE Published:; 30 March 2015

Summary

A use-after-free vulnerability exists in the _zend_shared_memdup function within zend_shared_alloc.c of the OPcache extension of PHP. This flaw allows remote attackers to potentially exploit unhandled parameters in the memory allocation process, possibly causing a denial of service or leading to various unintended consequences. This vulnerability is present in PHP versions up to 5.6.7, necessitating immediate attention from users to ensure their systems remain secure.

References

http://www.securityfocus.com/bid/71929

vdb-entryx_refsource_BID

http://openwall.com/lists/oss-security/2015/01/24/9

mailing-listx_refsource_MLIST

http://lists.apple.com/archives/security-announce/2015/Se...

vendor-advisoryx_refsource_APPLE

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 30, 2015
Vulnerability Reserved
Jan 24, 2015