Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2015-03-30 03:59
Updated : 2018-10-30 09:27
NVD link : CVE-2015-2787
Mitre link : CVE-2015-2787
JSON object : View
CWE
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_hpc_node
- enterprise_linux_workstation
- enterprise_linux_server_eus
- enterprise_linux_hpc_node_eus
- enterprise_linux_server
php
- php
apple
- mac_os_x
opensuse
- opensuse