View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2015-0231 severity low: SUSE including 896 source package names (apache2-mod_php5-5.2.14-0.7.30.64.1, apache2-mod_php5-5.5.14-11.3, …), 1001 product×package rows across 27 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Module for Legacy 15 SP4, … (27 product lines)): Fixed 796, Known Not Affected 205.
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.