Description
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Remediation
References
Related Vulnerabilities
WordPress 1.5.1.2 Multiple Vulnerabilities (1.0 - 1.5.1.2)
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)
Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3)
PHP Numeric Errors Vulnerability (CVE-2010-4409)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)