Description
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Remediation
References