Description
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0423 Vulnerability (CVE-2013-0423)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9015)
Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.7.14)
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10)