cbcvebase.
CVE-2015-0273
published 2015-03-30

CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to…

PriorityP267high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
41.32%
98.5th percentile
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
appleos_x_el_capitan_10.11.1_security_update_2015-004_yosemite_and_security_update_20
appleos_x_el_capitan_v10.11
appleos_x_yosemite_v10.10.4_and_security_update_2015-005
phpphp<= 5.4.37
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp

Detection & IOCsextracted from sources · hover to see the quote

filenameuafpoc.php
  • Detect crafted serialized PHP payloads containing 'R' or 'r' type specifiers targeting DateTimeZone or DateTime objects via unserialize() — these trigger the use-after-free in php_date_timezone_initialize_from_hash / php_date_initialize_from_hash
  • Monitor PHP unserialize() calls processing DateTime, DateTimeZone, DateInterval, or DatePeriod objects with __wakeup() invocations — exploitation abuses the __wakeup() magic method path to achieve use-after-free for memory disclosure or RCE
  • Flag PHP processes spawning interactive shells (e.g., sh) as a child process — the PoC demonstrates code execution via assert+system('sh') through the UAF
  • ·PHP 5.4 < 5.4.38, PHP 5.5 < 5.5.22, and PHP 5.6 < 5.6.6 are affected; Red Hat Enterprise Linux 5 base php packages are NOT affected as they did not include the vulnerable code

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.