Description
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Remediation
References
Related Vulnerabilities
Jboss EAP Other Vulnerability (CVE-2014-3490)
Oracle Database Server CVE-2014-6483 Vulnerability (CVE-2014-6483)
Oracle JRE CVE-2023-21930 Vulnerability (CVE-2023-21930)
Oracle JRE CVE-2024-21217 Vulnerability (CVE-2024-21217)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4592)