Description
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0655 Vulnerability (CVE-2016-0655)
WordPress Plugin BuddyPress Global Search Cross-Site Scripting (1.1.0)
XOOPS Other Vulnerability (CVE-2005-3680)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)