Description

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.

Remediation

References

CVE-2016-7411

Related Vulnerabilities

WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.6.6)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-25577)

MySQL CVE-2020-14845 Vulnerability (CVE-2020-14845)

WordPress Plugin Social Sharing-Sassy Social Share PHP Object Injection (3.3.23)

Severity

Critical

Classification

CVE-2016-7411 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities