Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23,
and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code
via a crafted unserialize call that leverages use of the unset function
within an __wakeup function, a related issue to CVE-2015-0231.

Bugs

<https://bugs.php.net/bug.php?id=68976>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.30UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.18UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.9UNKNOWN
ubuntu14.10noarchphp5< 5.5.12+dfsg-2ubuntu4.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	php5	< 5.3.2-1ubuntu4.30	UNKNOWN
ubuntu	12.04	noarch	php5	< 5.3.10-1ubuntu3.18	UNKNOWN
ubuntu	14.04	noarch	php5	< 5.5.9+dfsg-1ubuntu4.9	UNKNOWN
ubuntu	14.10	noarch	php5	< 5.5.12+dfsg-2ubuntu4.4	UNKNOWN

References

php.net/ChangeLog-5.php

gist.github.com/smalyshev/eea9eafc7c88a4a6d10d

launchpad.net/bugs/cve/CVE-2015-2787

nvd.nist.gov/vuln/detail/CVE-2015-2787

security-tracker.debian.org/tracker/CVE-2015-2787

ubuntu.com/security/notices/USN-2572-1

www.cve.org/CVERecord?id=CVE-2015-2787

f5 4

prion 2

cve 2

hackerone 1

checkpoint_advisories 3

nessus 58

ubuntucve 2

osv 2

debian 2

openvas 38

mageia 2

amazon 5

kaspersky 2

archlinux 1

fedora 2

securityvulns 9

freebsd 1

suse 3

ubuntu 2

packetstorm 1

exploitdb 1

exploitpack 1

veracode 27

gentoo 2

redhat 4

oraclelinux 4

slackware 1

ibm 5

centos 2

rosalinux 1

K16486 : PHP vulnerability CVE-2015-2787

2015-04-22 00:00:00

SOL16486 - PHP vulnerability CVE-2015-2787

2015-04-22 00:00:00

K16339 : Multiple PHP vulnerabilities CVE-2014-9425, CVE-2014-9426, CVE-2014-9427, CVE-2015-0231, and CVE-2015-0232

2015-04-01 00:00:00

prion

Design/Logic Flaw

2015-03-30 10:59:00

Design/Logic Flaw

2015-01-27 20:03:00

cve

CVE-2015-2787

2015-03-30 10:59:00

CVE-2015-0231

2015-01-27 20:03:00

hackerone

Internet Bug Bounty: Use After Free Vulnerability in unserialize()

2015-02-03 00:00:00

checkpoint_advisories

PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)

2015-02-16 00:00:00

PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)

2015-05-18 00:00:00

PHP Core unserialize process nested data Use After Free - ver 2 (CVE-2014-8142; CVE-2015-0231)

2015-04-29 00:00:00

nessus

PHP 5.6.x < 5.6.7 Multiple Vulnerabilities

2019-01-09 00:00:00

openSUSE Security Update : php5 (openSUSE-2015-295)

2015-04-09 00:00:00

PHP 5.4.x < 5.4.39 / 5.5.x < 5.5.23 / 5.6.x < 5.6.7 Multiple Vulnerabilities

2015-04-09 00:00:00

ubuntucve

CVE-2015-0231

2015-01-27 00:00:00

CVE-2014-8142

2014-12-20 00:00:00

osv

php5 - security update

2015-04-29 00:00:00

php5 - security update

2015-03-18 00:00:00

debian

[SECURITY] [DLA 212-1] php5 security update

2015-04-29 20:45:33

[SECURITY] [DSA 3195-1] php5 security update

2015-03-18 11:56:46

openvas

Debian: Security Advisory (DLA-212-1)

2023-03-08 00:00:00

Mageia: Security Advisory (MGASA-2015-0134)

2022-01-28 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-508)

2015-09-08 00:00:00

mageia

Updated php and libzip packages fix security vulnerabilities

2015-04-04 14:13:35

Updated php packages fix security vulnerabilities

2015-01-28 00:08:29

amazon

Important: php56

2015-04-15 21:50:00

Important: php55

2015-04-15 21:49:00

Important: php54

2015-04-15 21:49:00

kaspersky

KLA10515 Multiple vulnerabilities in PHP and extensions

2015-03-30 00:00:00

KLA10514 Multiple vulnerabilities in PHP and plugins

2015-03-30 00:00:00

archlinux

php: remote code execution

2015-01-23 00:00:00

fedora

[SECURITY] Fedora 21 Update: php-5.6.5-1.fc21

2015-02-06 03:59:46

[SECURITY] Fedora 20 Update: php-5.5.21-1.fc20

2015-02-06 04:03:31

securityvulns

[ MDVSA-2015:032 ] php

2015-02-11 00:00:00

PHP multiple security vulnerabilities

2015-02-22 00:00:00

[USN-2501-1] PHP vulnerabilities

2015-02-22 00:00:00

freebsd

Several vulnerabilities found in PHP

2015-03-19 00:00:00

suse

Security update for php5 (important)

2015-02-24 11:05:36

Security update for php5 (important)

2015-05-13 15:07:04

Security update for php53 (important)

2016-06-21 13:08:17

ubuntu

PHP vulnerabilities

2015-04-20 00:00:00

PHP vulnerabilities

2015-02-17 00:00:00

packetstorm

Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption

2016-09-22 00:00:00

exploitdb

Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities

2016-09-22 00:00:00

exploitpack

Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities

2016-09-22 00:00:00

veracode

Denial Of Service (DoS)

2019-05-02 05:39:23

Arbitrary File Write

2019-05-02 05:39:23

Denial Of Service (DoS)

2019-05-02 05:39:23

gentoo

PHP: Multiple vulnerabilities

2015-03-08 00:00:00

PHP: Multiple vulnerabilities

2016-06-19 00:00:00

redhat

(RHSA-2015:1053) Moderate: php55 security and bug fix update

2015-06-04 00:00:00

(RHSA-2015:1066) Important: php54 security and bug fix update

2015-06-04 00:00:00

(RHSA-2015:1135) Important: php security and bug fix update

2015-06-23 00:00:00

oraclelinux

php55 security and bug fix update

2016-02-04 00:00:00

php54 security and bug fix update

2016-02-04 00:00:00

php security and bug fix update

2015-06-23 00:00:00

slackware

[slackware-security] php

2015-04-22 01:22:40

ibm

Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues

2018-06-16 19:50:01

Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)

2019-01-31 02:10:01

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php

2020-11-02 20:22:51

centos

php security update

2015-06-24 03:28:02

php security update

2015-07-09 19:23:41

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

Related for UB:CVE-2015-2787