Lucene search

[email protected]NVD:CVE-2015-0231

HistoryJan 27, 2015 - 8:03 p.m.

CVE-2015-0231

2015-01-2720:03:41

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

High

0.861 High

EPSS

Percentile

98.6%

JSON

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.

Affected configurations

NVD

Node

phpphpRange≤5.4.36

phpphpMatch5.4.0

phpphpMatch5.4.1

phpphpMatch5.4.2

phpphpMatch5.4.3

phpphpMatch5.4.4

phpphpMatch5.4.5

phpphpMatch5.4.6

phpphpMatch5.4.7

phpphpMatch5.4.8

phpphpMatch5.4.9

phpphpMatch5.4.10

phpphpMatch5.4.11

phpphpMatch5.4.12

phpphpMatch5.4.12rc1

phpphpMatch5.4.12rc2

phpphpMatch5.4.13

phpphpMatch5.4.13rc1

phpphpMatch5.4.14

phpphpMatch5.4.14rc1

phpphpMatch5.4.15rc1

phpphpMatch5.4.16rc1

phpphpMatch5.4.17

phpphpMatch5.4.18

phpphpMatch5.4.19

phpphpMatch5.4.20

phpphpMatch5.4.21

phpphpMatch5.4.22

phpphpMatch5.4.23

phpphpMatch5.4.24

phpphpMatch5.4.25

phpphpMatch5.4.26

phpphpMatch5.4.27

phpphpMatch5.4.28

phpphpMatch5.4.29

phpphpMatch5.4.30

phpphpMatch5.4.34

phpphpMatch5.4.35

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.15

phpphpMatch5.5.16

phpphpMatch5.5.17

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

References

advisories.mageia.org/MGASA-2015-0040.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html

lists.opensuse.org/opensuse-updates/2015-02/msg00079.html

marc.info/?l=bugtraq&m=143403519711434&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

rhn.redhat.com/errata/RHSA-2015-1053.html

rhn.redhat.com/errata/RHSA-2015-1066.html

rhn.redhat.com/errata/RHSA-2015-1135.html

www.debian.org/security/2015/dsa-3195

www.mandriva.com/security/advisories?name=MDVSA-2015:032

www.mandriva.com/security/advisories?name=MDVSA-2015:079

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.php.net/ChangeLog-5.php

www.securityfocus.com/bid/72539

bugs.php.net/bug.php?id=68710

bugzilla.redhat.com/show_bug.cgi?id=1185397

github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd

security.gentoo.org/glsa/201503-03

security.gentoo.org/glsa/201606-10

support.apple.com/HT205267

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

High

0.861 High

EPSS

Percentile

98.6%

JSON

CVE-2015-0231

Affected configurations

References

Related