Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-2787

Опубликовано: 02 мар. 2015
Источник: redhat
CVSS2: 4
EPSS Средний

Описание

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpUnder investigation
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Software Collectionsphp54-phpAffected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Enterprise Linux 6phpFixedRHSA-2015:121809.07.2015
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55FixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1207676php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re

EPSS

Процентиль: 96%
0.29637
Средний

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-2787

ubuntu
около 10 лет назад

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

nvd логотип

CVE-2015-2787

nvd
около 10 лет назад

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

debian логотип

CVE-2015-2787

debian
около 10 лет назад

Use-after-free vulnerability in the process_nested_data function in ex ...

github логотип

GHSA-h66p-6c64-g354

github
около 3 лет назад

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

fstec логотип

BDU:2015-09848

fstec
около 10 лет назад

Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику выполнить произвольный код

EPSS

Процентиль: 96%
0.29637
Средний

4 Medium

CVSS2