High severity7.3NVD Advisory· Published Jan 19, 2016· Updated May 6, 2026

CVE-2015-6831

Description

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <5.4.44
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2015/dsa-3344nvd
www.openwall.com/lists/oss-security/2015/08/19/3nvd
www.php.net/ChangeLog-5.phpnvd
www.securityfocus.com/bid/76737nvd
bugs.php.net/bug.phpnvd
bugs.php.net/bug.phpnvd
bugs.php.net/bug.phpnvd
bugs.php.net/bug.phpnvd
security.gentoo.org/glsa/201606-10nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000