PHP ext/session/session.c Denial of Service Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. A denial of service vulnerability exists in PHP versions prior to 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 in which the ext/session/session.c...

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via vectors related to session...