CVE-2015-0231

Published: 27/01/2015 Updated: 31/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP prior to 5.4.37, 5.5.x prior to 5.5.21, and 5.6.x prior to 5.6.5 allows remote malicious users to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.

Vulnerable Product

php php 5.6.0

php php 5.5.0

php php 5.5.14

php php 5.5.15

php php 5.5.3

php php 5.5.4

php php 5.4.7

php php 5.4.6

php php 5.4.29

php php 5.4.28

php php 5.4.21

php php 5.4.20

php php 5.4.2

php php 5.4.14

php php 5.4.13

php php 5.4.1

php php 5.4.0

php php 5.6.1

php php 5.5.1

php php 5.5.16

php php 5.5.17

php php 5.5.5

php php 5.5.6

php php 5.5.7

php php 5.4.5

php php 5.4.4

php php 5.4.27

php php 5.4.26

php php 5.4.19

php php 5.4.18

php php 5.4.12

php php

php php 5.6.2

php php 5.6.3

php php 5.5.10

php php 5.5.11

php php 5.5.18

php php 5.5.19

php php 5.5.8

php php 5.5.9

php php 5.4.35

php php 5.4.34

php php 5.4.25

php php 5.4.24

php php 5.4.17

php php 5.4.16

php php 5.6.4

php php 5.5.12

php php 5.5.13

php php 5.5.2

php php 5.5.20

php php 5.4.9

php php 5.4.8

php php 5.4.30

php php 5.4.3

php php 5.4.23

php php 5.4.22

php php 5.4.15

php php 5.4.11

php php 5.4.10

Vendor Advisories

Debian Bug report logs - #780713 php5: CVE-2015-2331 Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 18 Mar 2015 09:24:07 UTC Severity: grave Tags: security Found in versions php5/5.6.6+dfsg-1, p ...
Several security issues were fixed in PHP ...
A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code ...
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allo ...
A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code (CVE-2015-0231). An integer overflow flaw, leading to a heap-based buffer overflow, was found ...
PHP contains a use-after-free error in the process_nested_data() function in ext/standard/var_unserializer.re. With specially crafted input passed to the unserialize() method, a remote attacker can dereference already freed memory and potentially execute arbitrary code (CVE-2014-8142 / CVE-2015-0231). PHP contains a flaw in the exif_process_unicod ...

Exploits

Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities ...