Description
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.
Remediation
References
Related Vulnerabilities
WordPress Plugin BIC Media Widget Cross-Site Scripting (1.0)
Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-36046)
Serendipity Other Vulnerability (CVE-2005-1451)
MediaWiki Other Vulnerability (CVE-2004-1405)
WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)