
CVE-2015-1351: Bug #68677: use-after-free

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.


[2014-12-29 02:50 UTC] bugreports at internot dot info

Description:

Hi,

In /ext/opcache/zend_shared_alloc.c there is a use-after-free:

    if (free_source) {
        efree(source);
    }
    zend_shared_alloc_register_xlat_entry(source, retval);

Thanks,
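
The ordering problem reported above, modelled as an added example (not code from the report or from php-src): a constructed toy heap with liveness flags stands in for the real allocator, and `toy_memdup`, `register_xlat` and `stale_key_registered` are hypothetical names. It assumes the remedy is to register the translation entry before freeing the source, which the page itself does not show.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy heap with liveness flags (not PHP's allocator), so the
 * state of "freed" memory can be inspected without undefined behaviour. */
#define SLOTS 8
#define SLOT_SIZE 32
static unsigned char heap[SLOTS][SLOT_SIZE], shared[SLOTS][SLOT_SIZE];
static int live[SLOTS], shared_used, n_entries;

static size_t slot_of(const void *p) {
    return (size_t)((const unsigned char *)p - &heap[0][0]) / SLOT_SIZE;
}
static void *toy_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!live[i]) { live[i] = 1; return heap[i]; }
    return NULL;
}
static void toy_free(void *p) { live[slot_of(p)] = 0; }

/* Hypothetical translation table: old address -> copy in "shared" memory. */
struct xlat { const void *old; void *copy; int key_was_live; };
static struct xlat table[SLOTS];
static void register_xlat(const void *old, void *copy) {
    table[n_entries++] = (struct xlat){ old, copy, live[slot_of(old)] };
}

/* reg_first = 0 follows the order quoted in the report (free, then
 * register); reg_first = 1 registers while source is still allocated. */
static void *toy_memdup(void *source, size_t size, int free_source, int reg_first) {
    void *retval = shared[shared_used++];
    memcpy(retval, source, size);
    if (reg_first) register_xlat(source, retval);
    if (free_source) toy_free(source);
    if (!reg_first) register_xlat(source, retval);
    return retval;
}

/* Returns 1 when the entry was registered for an already-freed pointer. */
static int stale_key_registered(int reg_first) {
    void *src = toy_alloc();
    memcpy(src, "opcode", 7);   /* constructed sample payload */
    toy_memdup(src, 7, 1, reg_first);
    return !table[n_entries - 1].key_was_live;
}

int main(void) {
    printf("free then register: stale=%d\n", stale_key_registered(0));
    printf("register then free: stale=%d\n", stale_key_registered(1));
}
```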

[2014-12-30 03:00 UTC] [email protected]

-Package: *General Issues
+Package: opcache

[2015-01-08 08:38 UTC] [email protected]

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
Log: Fixed #68677

[2015-01-08 08:38 UTC] [email protected]

-Status: Open
+Status: Closed

[2015-03-18 12:39 UTC] [email protected]

-Assigned To:
+Assigned To: kaplan
-CVE-ID:
+CVE-ID: 2015-1351

[2015-03-31 22:47 UTC] [email protected]

Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).

[2015-03-31 22:47 UTC] [email protected]

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)

[2015-03-31 22:56 UTC] [email protected]

Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).

[2015-03-31 22:56 UTC] [email protected]

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)

[2015-03-31 23:02 UTC] [email protected]

Automatic comment on behalf of [email protected]
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a32c8ba719493fd2b4700c4f7db1ef130ceb7661
Log: Fixed bug #68739 (Missing break / control flow). Fixed bug #68740 (NULL Pointer Dereference). Fixed bug #68677 (Use After Free).

[2015-03-31 23:02 UTC] [email protected]

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a8f28b43212cc2ddbc1f2df710e37b1bec0addd
Log: Fixed bug #68677 (Use After Free in OPcache)

[2016-07-20 11:40 UTC] [email protected]

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
Log: Fixed #68677
