CVE-2015-0231

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
phpphp
𝑥
≤ 5.4.36
phpphp
5.4.0
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.12:rc1
phpphp
5.4.12:rc2
phpphp
5.4.13
phpphp
5.4.13:rc1
phpphp
5.4.14
phpphp
5.4.14:rc1
phpphp
5.4.15:rc1
phpphp
5.4.16:rc1
phpphp
5.4.17
phpphp
5.4.18
phpphp
5.4.19
phpphp
5.4.20
phpphp
5.4.21
phpphp
5.4.22
phpphp
5.4.23
phpphp
5.4.24
phpphp
5.4.25
phpphp
5.4.26
phpphp
5.4.27
phpphp
5.4.28
phpphp
5.4.29
phpphp
5.4.30
phpphp
5.4.34
phpphp
5.4.35
phpphp
5.5.0
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
phpphp
5.5.14
phpphp
5.5.15
phpphp
5.5.16
phpphp
5.5.17
phpphp
5.5.18
phpphp
5.5.19
phpphp
5.5.20
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
utopic
Fixed 5.5.12+dfsg-2ubuntu4.2
released
trusty
Fixed 5.5.9+dfsg-1ubuntu4.6
released
precise
Fixed 5.3.10-1ubuntu3.16
released
lucid
not-affected
References
http://advisories.mageia.org/MGASA-2015-0040.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://rhn.redhat.com/errata/RHSA-2015-1053.html
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://www.debian.org/security/2015/dsa-3195
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/72539
https://bugs.php.net/bug.php?id=68710
https://bugzilla.redhat.com/show_bug.cgi?id=1185397
https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/HT205267
http://advisories.mageia.org/MGASA-2015-0040.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://rhn.redhat.com/errata/RHSA-2015-1053.html
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://www.debian.org/security/2015/dsa-3195
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/72539
https://bugs.php.net/bug.php?id=68710
https://bugzilla.redhat.com/show_bug.cgi?id=1185397
https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/HT205267