10 matches found
Use-After-Free
PHP is vulnerable to a use-after-free vulnerability. This is because ext/standard/var_unserializer.re in PHP is prone to a heap use-after-free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. This could impact...
Use-After-Free
PHP is vulnerable to a use-after-free vulnerability. The vulnerability exists in ext/standard/var_unserializer.re in PHP and is related to the zval_get_type function in Zend/zend_types.h, causing an unspecified impact on the integrity of PHP...
Arbitrary Code Execution
php55 is vulnerable to arbitrary code execution attacks. The vulnerability exists as a use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4, which allows remote attackers to execute arbitrary...
Design/Logic Flaw
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
CVE-2017-12932
The CVE-2017-12932 issue affects PHP 7.0.x (up to 7.0.22) and 7.1.x (up to 7.1.8) due to a heap use-after-free in ext/standard/var_unserializer.re, caused by improper use of the hash API for key deletion in a scenario with an invalid array size. Impact is described as potentially affecting integr...
PHP < 5.6.26 DoS Vulnerability - Linux
PHP is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
CVE-2015-2787
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...
PHP multiple security vulnerabilities
exif_process_unicode DoS, var_unserializer.re code execution, information disclosure...
PHP 5.5.x < 5.5.20 'process_nested_data' RCE
According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.20. It is, therefore, affected by a use-after-free error in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized...
PHP 5.6.x < 5.6.4 'process_nested_data' RCE
According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.4. It is, therefore, affected by a use-after-free error in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized...