CVE-2015-1351: Bug #68677: use-after-free
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[2014-12-29 02:50 UTC] bugreports at internot dot info
Description:
Hi,
In /ext/opcache/zend_shared_alloc.c there is a use-after-free:
    if (free_source) {
        efree(source);
    }
    zend_shared_alloc_register_xlat_entry(source, retval);
Thanks,
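The ordering problem in the report, shown on a simplified model (an added example, not part of the original report and not PHP's source). `memdup_tracked`, `xlat_register`, `xlat_lookup` and the fixed-size table are hypothetical stand-ins; the point is that the last use of `source`, including taking its address as a table key, comes before the buffer is released.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical translation table: address of an original buffer -> its copy.
 * Not PHP's data structure. Assumes fewer than XLAT_SLOTS entries. */
#define XLAT_SLOTS 64
static struct { uintptr_t key; void *copy; } xlat[XLAT_SLOTS];

static size_t xlat_slot(uintptr_t key) {
    size_t i = (size_t)(key >> 4) % XLAT_SLOTS;
    while (xlat[i].key != 0 && xlat[i].key != key)  /* linear probing */
        i = (i + 1) % XLAT_SLOTS;
    return i;
}

static void xlat_register(const void *source, void *copy) {
    size_t i = xlat_slot((uintptr_t)source);
    xlat[i].key = (uintptr_t)source;
    xlat[i].copy = copy;
}

void *xlat_lookup(uintptr_t key) {
    return xlat[xlat_slot(key)].copy;
}

/* Ordering from the report, kept as a comment only:
 *     if (free_source) { free(source); }
 *     xlat_register(source, copy);     <- source is dangling here
 * Corrected ordering: the last use of source comes before the free. */
void *memdup_tracked(void *source, size_t size, int free_source) {
    void *copy = malloc(size);
    if (copy == NULL) return NULL;      /* source is left untouched */
    memcpy(copy, source, size);
    xlat_register(source, copy);        /* last use of source */
    if (free_source)
        free(source);
    return copy;
}

int main(void) {
    char *src = malloc(8);
    if (src == NULL) return 1;
    memcpy(src, "opcache", 8);          /* constructed sample input */
    uintptr_t key = (uintptr_t)src;     /* captured before the free */
    void *copy = memdup_tracked(src, 8, 1);
    int ok = copy != NULL && xlat_lookup(key) == copy;
    free(copy);
    return ok ? 0 : 1;
}
```

A caller that needs the key after the call captures it as an integer beforehand, as `main` does, so the freed pointer itself is never touched again.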
[2014-12-30 03:00 UTC] [email protected]
-Package: *General Issues
+Package: opcache
[2015-01-08 08:38 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
Log: Fixed #68677
[2015-01-08 08:38 UTC] [email protected]
-Status: Open
+Status: Closed
[2015-03-18 12:39 UTC] [email protected]
-Assigned To:
+Assigned To: kaplan
-CVE-ID:
+CVE-ID: 2015-1351
[2015-03-31 22:47 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).
[2015-03-31 22:47 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)
[2015-03-31 22:56 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).
[2015-03-31 22:56 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)
[2015-03-31 23:02 UTC] [email protected]
Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).
[2015-03-31 23:02 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)
[2016-07-20 11:40 UTC] [email protected]
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
Log: Fixed #68677