CVE-2015-0231 (retired)

Priority
Description
Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21,
and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code
via a crafted unserialize call that leverages improper handling of
duplicate numerical keys within the serialized properties of an object.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2014-8142.
Notes
 mdeslaur> incomplete fix of CVE-2014-8142
Assigned-to
mdeslaur

Updated: 2019-08-23 09:05:16 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)