CVE-2015-0273
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Affected products
n/a · n/a
public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/36158 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=71335e6ebabc1b12c057d8017fd811892ecdfd24
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1053.html