36 matches found
EUVD-2010-2241
Malware in sbrugna...
CVE-2025-9083
The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via a form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
Debian: Security Advisory (DSA-2089-1)
The remote host is missing an update for the Debian...
SUSE CVE-2007-1711
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...
SUSE CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
SUSE CVE-2015-2787
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...
SUSE CVE-2017-12932
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...
SUSE CVE-2017-12933
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
The vulnerability of the `ext/standard/var_unserializer.re` component in the PHP programming language allows a perpetrator to cause a service failure or potentially have other adverse effects.
The vulnerability of the ext/standard/var_unserializer.re component in the PHP programming language arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to cause service failures or potentially have other effects through unserialized calls that reference partially...
The vulnerability of the `ext/standard/var_unserializer.re` component in the PHP programming language allows an attacker to compromise data integrity.
The vulnerability of the ext/standard/var_unserializer.re component in the PHP programming language lies in the use of memory after it is freed. Exploiting this vulnerability allows an attacker to compromise data integrity...
php: Heap use after free in ext/standard/var_unserializer.re
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...
php: Heap use after free in ext/standard/var_unserializer.re
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...
The vulnerability of the `finish_nested_data` function in the PHP interpreter allows an attacker to potentially compromise the integrity of data.
The vulnerability of the finish_nested_data function in the PHP interpreter’s ext/standard/var_unserializer.re module arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to potentially compromise the integrity of PHP dat...
A vulnerability exists in ext/standard/var_unserializer.re of the PHP hypertext processor, which allows an attacker to potentially compromise the integrity of data.
The vulnerability in ext/standard/var_unserializer.re of the PHP hypertext processor is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to potentially compromise the integrity of PHP data...
Design/Logic Flaw
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...
UBUNTU-CVE-2017-12934
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
PHP ext/standard/var_unserializer.re Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A buffer overflow vulnerability exists in PHP ext/standard/var_unserializer.re, which could be exploited by remote attackers to submit a special request and execute arbitrar...
PHP ext/standard/var_unserializer.re heap buffer overflow vulnerability (CNVD-2017-29192)
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A heap buffer overflow vulnerability exists in PHP ext/standard/var_unserializer.re, which could be exploited by remote attackers to submit a special request and execute...
PHP Denial of Service Vulnerability (CNVD-2017-01944)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions written in C and C++, among other features. A...
PHP process_nested_data function memory misreference vulnerability
PHP is a popular programming language. A memory misreference vulnerability in the process_nested_data function in PHP ext/standard/var_unserializer.re allows remote attackers to execute arbitrary code using special unserialized calls...