mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 03:02:49 +00:00
822 B
822 B
CVE-2016-7480
Description
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.