What is CVE-2015-0231?

CVE-2015-0231 is a vulnerability in Php. Published 2015-01-27.

Is CVE-2015-0231 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Php

CVE-2015-0231

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserial…

EPSS: 0.873 (99.5th percentile) — read the EPSS interpretation.

Affected products

Php — versions 5.4.0, 5.4.1, 5.4.2
N/a — versions n/a

Public proof-of-concept exploits

References

MDVSA-2015:032 (vendor-advisory, x_refsource_MANDRIVA)
DSA-3195 (vendor-advisory, x_refsource_DEBIAN)
HPSBMU03409 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
SUSE-SU-2015:0365 (vendor-advisory, x_refsource_SUSE)
APPLE-SA-2015-09-30-3 (vendor-advisory, x_refsource_APPLE)
HPSBMU03380 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2015:079 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-0231?: CVE-2015-0231 is a vulnerability in Php. Published 2015-01-27.
Is CVE-2015-0231 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.