Use After Free Vulnerability in unserialize() with SPL ArrayObject

Posted by Taoguang Chen on Aug 07

#Use After Free Vulnerability in unserialize() with SPL ArrayObject

Taoguang Chen <[ () chtg](http://github.com/chtg)> – Write Date:
2015.7.30 – Release Date: 2015.8.7

Affected Versions
————
Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28
Affected is PHP 5.4 < 5.4.44

Credits
————
This vulnerability was disclosed by Taoguang Chen.

Description
————

“`
if (*p!= ‘x’ || *++p !=…

007 Software