Description
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
Remediation
References