CVE-2015-0231
27.01.2015, 20:03
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.Enginsight
Vendor | Product | Version |
---|---|---|
php | php | 𝑥 ≤ 5.4.36 |
php | php | 5.4.0 |
php | php | 5.4.1 |
php | php | 5.4.2 |
php | php | 5.4.3 |
php | php | 5.4.4 |
php | php | 5.4.5 |
php | php | 5.4.6 |
php | php | 5.4.7 |
php | php | 5.4.8 |
php | php | 5.4.9 |
php | php | 5.4.10 |
php | php | 5.4.11 |
php | php | 5.4.12 |
php | php | 5.4.12:rc1 |
php | php | 5.4.12:rc2 |
php | php | 5.4.13 |
php | php | 5.4.13:rc1 |
php | php | 5.4.14 |
php | php | 5.4.14:rc1 |
php | php | 5.4.15:rc1 |
php | php | 5.4.16:rc1 |
php | php | 5.4.17 |
php | php | 5.4.18 |
php | php | 5.4.19 |
php | php | 5.4.20 |
php | php | 5.4.21 |
php | php | 5.4.22 |
php | php | 5.4.23 |
php | php | 5.4.24 |
php | php | 5.4.25 |
php | php | 5.4.26 |
php | php | 5.4.27 |
php | php | 5.4.28 |
php | php | 5.4.29 |
php | php | 5.4.30 |
php | php | 5.4.34 |
php | php | 5.4.35 |
php | php | 5.5.0 |
php | php | 5.5.0:alpha1 |
php | php | 5.5.0:alpha2 |
php | php | 5.5.0:alpha3 |
php | php | 5.5.0:alpha4 |
php | php | 5.5.0:alpha5 |
php | php | 5.5.0:alpha6 |
php | php | 5.5.0:beta1 |
php | php | 5.5.0:beta2 |
php | php | 5.5.0:beta3 |
php | php | 5.5.0:beta4 |
php | php | 5.5.0:rc1 |
php | php | 5.5.0:rc2 |
php | php | 5.5.1 |
php | php | 5.5.2 |
php | php | 5.5.3 |
php | php | 5.5.4 |
php | php | 5.5.5 |
php | php | 5.5.6 |
php | php | 5.5.7 |
php | php | 5.5.8 |
php | php | 5.5.9 |
php | php | 5.5.10 |
php | php | 5.5.11 |
php | php | 5.5.12 |
php | php | 5.5.13 |
php | php | 5.5.14 |
php | php | 5.5.15 |
php | php | 5.5.16 |
php | php | 5.5.17 |
php | php | 5.5.18 |
php | php | 5.5.19 |
php | php | 5.5.20 |
php | php | 5.6.0:alpha1 |
php | php | 5.6.0:alpha2 |
php | php | 5.6.0:alpha3 |
php | php | 5.6.0:alpha4 |
php | php | 5.6.0:alpha5 |
php | php | 5.6.0:beta1 |
php | php | 5.6.0:beta2 |
php | php | 5.6.0:beta3 |
php | php | 5.6.0:beta4 |
php | php | 5.6.1 |
php | php | 5.6.2 |
php | php | 5.6.3 |
php | php | 5.6.4 |
𝑥
= Vulnerable software versions

Ubuntu Releases
References