Unrated severityNVD Advisory· Published Mar 30, 2015· Updated May 6, 2026

CVE-2015-0273

Description

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.

Affected products

osv-coords6 versions
pkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 5.6.28-1.1+ 5 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
- (no CPE)range: < 8.0.11-1.1
- (no CPE)range: < 5.3.17-47.1
- (no CPE)range: < 5.5.14-15.1
- (no CPE)range: < 5.5.14-15.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.057
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000