Description
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fancy Slideshows Security Bypass (2.4)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5323)
WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0)
WordPress 4.9.x Directory Traversal (4.9 - 4.9.25)
WordPress Plugin Tidio Live Chat Cross-Site Request Forgery (4.1.0)