CVE-2015-0231
Publication date 27 January 2015
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | ||
14.04 LTS trusty |
Fixed 5.5.9+dfsg-1ubuntu4.6
|
|
Notes
Patch details
Package | Patch details |
---|---|
php5 |
References
Related Ubuntu Security Notices (USN)
- USN-2501-1
- PHP vulnerabilities
- 17 February 2015