CVE-2015-0231
published 2015-01-27CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x…
PriorityP258high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
42.59%
98.5th percentile
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
Affected
83 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.6.8 | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| php | php | <= 5.4.36 | — |
| php | php | <= 5.4.38 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered via a crafted unserialize() call exploiting duplicate numerical keys within serialized object properties, targeting the process_nested_data function in ext/standard/var_unserializer.re ↗
- →The vulnerable code path was introduced in PHP >= 5.3.9; versions 5.3.3 and earlier are not affected. Monitor for exploitation attempts against PHP 5.3.9 through 5.4.36, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 ↗
- →Crash/exploitation manifests as a SIGSEGV in zend_get_class_entry() called from object_common2() in var_unserializer.c when processing crafted unserialize input; look for PHP interpreter crashes or segfaults in application logs ↗
- →Upstream fix commit for CVE-2015-0231 can be used to identify patched vs. unpatched binaries or diff-based detection ↗
- ·The process_nested_data() function in Tenable SecurityCenter is only exposed to authenticated users, reducing remote exploitation risk in that product ↗
- ·Red Hat Enterprise Linux 5 and 6 base php packages and php53 on RHEL5 are not affected because the original flaw (CVE-2014-8142) did not affect those versions ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5394-7mcx-63pv: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-0231 [HIGH] GHSA-5394-7mcx-63pv: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
GHSA
GHSA-h66p-6c64-g354: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2015-2787 [HIGH] GHSA-h66p-6c64-g354: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
OSV
CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
osv·2015-03-30·CVSS 7.5
CVE-2015-2787 [HIGH] CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
OSV
php5 vulnerabilities
osv·2015-02-17·CVSS 7.5
CVE-2014-8142 [HIGH] php5 vulnerabilities
php5 vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2014-8142,
CVE-2015-0231)
Brian Carpenter discovered that the PHP CGI component incorrectly handled
invalid files. A local attacker could use this issue to obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)
It was discovered that PHP incorrectly handled certain pascal strings in
the fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CV
OSV
CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
osv·2015-01-27·CVSS 7.5
CVE-2015-0231 [HIGH] CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
##
Festo Didactic SE MES PC
Release DateJanuary 27, 2026
Alert CodeICSA-26-027-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Red Hat
php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
vendor_redhat·2015-03-02·CVSS 7.5
CVE-2015-2787 [HIGH] CWE-416 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
Package: php (Red Hat Enterprise Linux 5) - Under investigation
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
P
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2015-02-17·CVSS 7.5
CVE-2014-8142 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Stefan Esser discovered that PHP incorrectly handled unserializing objects.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2014-8142,
CVE-2015-0231)
Brian Carpenter discovered that the PHP CGI component incorrectly handled
invalid files. A local attacker could use this issue to obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9427)
It was discovered that PHP incorrectly handled certain pascal strings in
the fileinfo extension. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This
Red Hat
php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
vendor_redhat·2015-01-01·CVSS 7.5
CVE-2015-0231 [HIGH] CWE-416 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code.
Statement: This iss
Apple
CVE-2015-0231: OS X El Capitan v10.11
vendor_apple·CVSS 7.5
CVE-2015-0231 [HIGH] CVE-2015-0231: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2015-0231
Component: CVE-2015-0231
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
bugzilla·2015-03-31·CVSS 7.5
CVE-2015-2787 [HIGH] CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-2787 to
the following vulnerability:
Name: CVE-2015-2787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
Assigned: 20150329
Reference: https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before
5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages use of
the unset function within an __wakeup function, a related issue to
CVE-2015-0231.
Discussion:
Created php tracking bugs for this
Bugzilla
CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
bugzilla·2015-01-23·CVSS 7.5
CVE-2015-0231 [HIGH] CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
It was discovered that the fix for CVE-2014-8142 (use after free vulnerability in unserialize(), see bug 1175718) was incomplete.
Upstream bug:
https://bugs.php.net/bug.php?id=68710
Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=b585a3aed7880a5fa5c18e2b838fc96f40e075bd
Discussion:
Fixed upstream in PHP 5.6.5, 5.5.21, and 5.4.37:
http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.4.37
---
When will updated package for php-5.3.3 in RHEL6 release?
---
AS for CVE-2014-8142, PHP 5.3 is not affected but this vulnerability.
---
(this is not redhat system below)
PHP 5.3.3 may not be affected, but my PHP 5.3.29 do
Bugzilla
CVE-2014-8142 php: use after free vulnerability in unserialize()
bugzilla·2014-12-18·CVSS 7.5
CVE-2014-8142 [HIGH] CVE-2014-8142 php: use after free vulnerability in unserialize()
CVE-2014-8142 php: use after free vulnerability in unserialize()
A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize().
Upstream bug (currently private):
https://bugs.php.net/bug.php?id=68594
Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
Note that unserialize() is unsafe for use on untrusted inputs, as is documented in the PHP manual for the function:
http://php.net/manual/en/function.unserialize.php
Discussion:
Statement:
This issue did not affect the versions of php as shipped with Red Hat Enterprise Lin
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities
blogs_talos·2015-03-17·CVSS 9.3
[CRITICAL] Research Spotlight: Exploiting Use-After-Free Vulnerabilities
This blog post was authored by Earl Carter & Yves Younan.
Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Yves Younan of Talos will be presenting at CanSecWest on Friday March 20th. The topic of his talk will be FreeSentry, a software-based mitigation technique developed by Talos to protect against exploitation of use-after-free vulnerabilities. Use-after-free vulnerabilities have become an important class of security problems due to the existence of mitigations that protect against other types of vulnerabilities, such as buffer overflows.
Just examining the CVE entries for 2015, you can already see over 20 use-after-free vulnerabilities that have already been identified, impacting various common software applicati
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities
blogs_talos·2015-03-17·CVSS 9.3
[CRITICAL] Research Spotlight: Exploiting Use-After-Free Vulnerabilities
## Research Spotlight: Exploiting Use-After-Free Vulnerabilities
This blog post was authored by Earl Carter & Yves Younan .
Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Yves Younan of Talos will be presenting at CanSecWest on Friday March 20th. The topic of his talk will be FreeSentry , a software-based mitigation technique developed by Talos to protect against exploitation of use-after-free vulnerabilities. Use-after-free vulnerabilities have become an important class of security problems due to the existence of mitigations that protect against other types of vulnerabilities, such as buffer overflows.
Just examining the CVE entries for 2015, you can already see over 20 use-after-free vulnerabilities that have
Tenable
[R5] Tenable Products Affected by PHP < 5.5.21 / 5.4.37 Vulnerabilities
blogs_tenable·2015-02-03
[R5] Tenable Products Affected by PHP < 5.5.21 / 5.4.37 Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://advisories.mageia.org/MGASA-2015-0040.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.htmlhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00079.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1053.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1066.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1135.htmlhttp://www.debian.org/security/2015/dsa-3195http://www.mandriva.com/security/advisories?name=MDVSA-2015:032http://www.mandriva.com/security/advisories?name=MDVSA-2015:079http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/bid/72539https://bugs.php.net/bug.php?id=68710https://bugzilla.redhat.com/show_bug.cgi?id=1185397https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bdhttps://security.gentoo.org/glsa/201503-03https://security.gentoo.org/glsa/201606-10https://support.apple.com/HT205267http://advisories.mageia.org/MGASA-2015-0040.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.htmlhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00079.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1053.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1066.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1135.htmlhttp://www.debian.org/security/2015/dsa-3195http://www.mandriva.com/security/advisories?name=MDVSA-2015:032http://www.mandriva.com/security/advisories?name=MDVSA-2015:079http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/bid/72539https://bugs.php.net/bug.php?id=68710https://bugzilla.redhat.com/show_bug.cgi?id=1185397https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bdhttps://security.gentoo.org/glsa/201503-03https://security.gentoo.org/glsa/201606-10https://support.apple.com/HT205267
2015-01-27
Published