Use After Free Vulnerabilities in Session Deserializer

Posted by Taoguang Chen on Sep 07

#Use After Free Vulnerabilities in Session Deserializer

Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.8.9
– Release Date: 2015.9.4

Affected Versions
————
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29
Affected is PHP 5.4 < 5.4.45

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————
“`
PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */
{

……

007 Software