mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-27 00:50:19 +01:00
822 B
822 B
CVE-2016-7480
Description
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.