|
| Description: | | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. |
|
| Impact: | | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
|
| Affected OS: | | Windows, Other Unix, FreeBSD, Linux |
|
| Reference: | | SecurityFocusBID:95371
SecurityTrackerID:1037659
|
|