Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception

Posted by Taoguang Chen on Apr 29

# Type Confusion Infoleak and Heap Overflow Vulnerability in
unserialize() with exception

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date: 2015.3.3
– Release Date: 2015.4.28

Affected Versions
————
Affected is PHP 5.6 < 5.6.8
Affected is PHP 5.5 < 5.5.24
Affected is PHP 5.4 < 5.4.40

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————
“`
ZEND_METHOD(exception,…

007 Software