PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

In all versions of PHP 7, during the unserialization process, resizing ...

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

The SplObjectStorage unserialize implementation in ext/spl/spl_observe ...

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ...