Description
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Remediation
References
Related Vulnerabilities
WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)
WordPress Plugin Easy Plugin for AdSense Cross-Site Request Forgery (6.06)
Oracle Database Server CVE-2010-0071 Vulnerability (CVE-2010-0071)
WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01)
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2024-35139)