Description
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.2)
Ruby Inadequate Encryption Strength Vulnerability (CVE-2021-32066)
WordPress Plugin PayGreen-Ancienne version Cross-Site Request Forgery (4.10.2)
WordPress Plugin Email posts to subscribers Multiple Vulnerabilities (2.0)
MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)