Description
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Remediation
References
Related Vulnerabilities
Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)
Oracle Database Server CVE-2019-2518 Vulnerability (CVE-2019-2518)
PHP Other Vulnerability (CVE-2020-7066)
WordPress Plugin Helpful Security Bypass (4.5.14)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3180)