ext/standard/var_unserializer.re in PHP prior to 5.6.26 mishandles object-deserialization failures, which allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Vulnerable Product |
---|
php php |