Use-after-free vulnerability in PHP 7.x before 7.0.14 allows remote attackers to cause denial of service or unspecified impact via crafted serialized data

CVE-2016-9936 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.
