VulnerableCode Vulnerability Details - VCID-7mxh-4vcy-6kc8

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-7mxh-4vcy-6kc8

Essentials
Severities (2)
References (13)
Severity details (0)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-7mxh-4vcy-6kc8
Aliases	CVE-2015-6834
Summary	php: multiple unserialization use-after-free issues
Status	Published
Exploitability	2.0
Weighted Severity	0.3
Risk	0.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

System	Score	Found at
epss	0.35455	https://api.first.org/data/v1/epss?cve=CVE-2015-6834
epss	0.35455	https://api.first.org/data/v1/epss?cve=CVE-2015-6834

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6834.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-6834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838
1260642		https://bugzilla.redhat.com/show_bug.cgi?id=1260642
CVE-2015-6834;OSVDB-126951	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/38122.txt
CVE-2015-6834;OSVDB-126954	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/38120.txt
GLSA-201606-10		https://security.gentoo.org/glsa/201606-10
RHSA-2016:0457		https://access.redhat.com/errata/RHSA-2016:0457
USN-2758-1		https://usn.ubuntu.com/2758-1/

Data source	Exploit-DB
Date added	Sept. 9, 2015
Description	PHP 5.4/5.5/5.6 - SplObjectStorage 'Unserialize()' Use-After-Free
Ransomware campaign use	Known
Source publication date	Sept. 9, 2015
Exploit type	dos
Platform	php
Source update date	Dec. 1, 2016

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.97146
EPSS Score	0.35455
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T18:13:01.527796+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6834.json	38.6.0