Use After Free Vulnerability in unserialize() with GMP

Posted by Taoguang Chen on Sep 07

#Use After Free Vulnerability in unserialize() with GMP

Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date:
2015.8.17 – Release Date: 2015.9.4

Affected Versions
————
Affected is PHP 5.6 < 5.6.13

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————
“`
static int gmp_unserialize(zval **object, zend_class_entry *ce, const
unsigned char *buf, zend_uint buf_len,…

007 Software