2 matches found
PHP Core unserialize process nested data Use After Free (CVE-2014-8142)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...
PHP Core unserialize Function Integer Overflow (CVE-2014-3669)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to an integer overflow within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialize data to a web application running a vulnerable version of PHP. A successful...