Description
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
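The arithmetic behind the overflow described above, as an added example (not PHP or Zend Engine code): a calloc-style allocator multiplies an element count by an element size, and a large count taken from untrusted input makes the product wrap to a small value unless the multiplication is checked. The names `size32_t`, `unchecked_request`, `checked_request` and `checked_calloc` are hypothetical, the 32-bit size type is an assumption, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: model a 32-bit size type so the wraparound is identical on any host. */
typedef uint32_t size32_t;

/* Unchecked request size: the product silently wraps modulo 2^32. */
size32_t unchecked_request(size32_t nmemb, size32_t size)
{
    return nmemb * size;
}

/* Checked request size: returns false when nmemb * size does not fit. */
bool checked_request(size32_t nmemb, size32_t size, size32_t *out)
{
    if (size != 0 && nmemb > UINT32_MAX / size)
        return false;
    *out = nmemb * size;
    return true;
}

/* Hypothetical calloc-style wrapper that refuses an overflowing count. */
void *checked_calloc(size32_t nmemb, size32_t size)
{
    size32_t total;
    if (!checked_request(nmemb, size, &total))
        return NULL;                    /* reject instead of under-allocating */
    void *p = malloc(total ? total : 1);
    if (p)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed values: a huge element count and a 16-byte element. */
    size32_t count = 0x10000001u, elem = 16;
    void *p = checked_calloc(count, elem);

    printf("unchecked: %u bytes requested for %u elements\n",
           (unsigned)unchecked_request(count, elem), (unsigned)count);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The unchecked path would reserve 16 bytes for a caller that believes it holds 0x10000001 elements; the checked path returns NULL so the caller fails before any write.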
Remediation
References