Description
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.