Taoguangchen

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.28 PHP versions 7.x prior to 7.0.13 **Description** The issue is related to a NULL pointer dereference in the ext/wddx/wddx.c component of the PHP interpreter. This can be exploited by remote attackers using crafted serialized data in a wddxPacket XML document, such as a PDORow string, to cause a denial of service. **Recommendations** For PHP versions prior to 5.6.28, update to version 5.6.28 or later. For PHP versions 7.x prior to 7.0.13, update to version 7.0.13 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.27 PHP versions 7.x prior to 7.0.12 **Description** The issue is related to a use-after-free vulnerability in the CURLFile implementation. This vulnerability can be exploited by remote attackers using crafted serialized data that is mishandled during wakeup processing, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For PHP versions prior to 5.6.27, update to version 5.6.27 or later. For PHP versions 7.x prior to 7.0.12, update to version 7.0.12 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.26 **Description** The issue is related to the mishandling of object-deserialization failures in the `ext/standard/var unserializer.re` component of PHP. This could allow remote attackers to cause a denial of service (memory corruption) or possibly have other unspecified impacts via an `unserialize` call that references a partially constructed object. **Recommendations** For versions prior to 5.6.26, update to version 5.6.26 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `unserialize` function to minimize the risk of exploitation. Avoid using the `unserialize` function on untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue exists due to the failure to neutralize special elements in the ext/session/session.c component of the PHP interpreter. This allows a remote attacker to modify user session data by injecting arbitrary-type session data, potentially demonstrated through object injection, by leveraging control of a session name. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.25 PHP versions 7.x prior to 7.0.10 **Description** The issue is related to the `ext/standard/var unserializer.c` component in PHP, which mishandles certain invalid objects. This can be exploited by remote attackers using crafted serialized data, potentially leading to a denial of service or other unspecified impact. The exploitation may involve a ` destruct` call or a magic method call. **Recommendations** For PHP versions prior to 5.6.25, update to version 5.6.25 or later. For PHP versions 7.x prior to 7.0.10, update to version 7.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.38 PHP versions 5.6.x prior to 5.6.24 PHP versions 7.x prior to 7.0.9 **Description** The issue is related to the improper maintenance of a certain hash data structure in the ext/session/session.c component of PHP. This allows remote attackers to cause a denial of service (use-after-free) or possibly have other unspecified impacts via vectors related to session deserialization. The vulnerability is related to the use of memory after it has been freed, which can be exploited by a remote attacker to cause a denial of service or possibly other effects. **Recommendations** For PHP versions prior to 5.5.38, update to version 5.5.38 or later. For PHP versions 5.6.x prior to 5.6.24, update to version 5.6.24 or later. For PHP versions 7.x prior to 7.0.9, update to version 7.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.38 PHP versions 5.6.x prior to 5.6.24 PHP versions 7.x prior to 7.0.9 **Description** The issue is related to improper interaction between the unserialize implementation and garbage collection in the ext/snmp/snmp.c component of PHP. This allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, or possibly have other unspecified impacts via crafted serialized data. **Recommendations** For PHP versions prior to 5.5.38, update to version 5.5.38 or later. For PHP versions 5.6.x prior to 5.6.24, update to version 5.6.24 or later. For PHP versions 7.x prior to 7.0.9, update to version 7.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 **Description** The issue is caused by an integer overflow in the SplFileObject::fread function, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts via a large integer argument. **Recommendations** For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.36 PHP versions 5.6.x prior to 5.6.22 **Description** The issue is caused by an integer overflow in the `php escape html entities ex` function. This can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts by triggering a large output string from a `FILTER SANITIZE FULL SPECIAL CHARS` `filter var` call. **Recommendations** For PHP versions prior to 5.5.36, update to version 5.5.36 or later. For PHP versions 5.6.x prior to 5.6.22, update to version 5.6.22 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.36 PHP versions 5.6.x prior to 5.6.22 **Description** The issue is caused by an integer overflow in the `php html entities` function, which can be triggered by a large output string from the `htmlspecialchars` function. This can allow remote attackers to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For PHP versions prior to 5.5.36, update to version 5.5.36 or later. For PHP versions 5.6.x prior to 5.6.22, update to version 5.6.22 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.45 PHP versions 5.5.x prior to 5.5.29 PHP versions 5.6.x prior to 5.6.13 **Description** The issue is related to the session deserializer in PHP, which mishandles multiple `php var unserialize` calls. This allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. **Recommendations** For PHP versions prior to 5.4.45, update to version 5.4.45 or later. For PHP versions 5.5.x prior to 5.5.29, update to version 5.5.29 or later. For PHP versions 5.6.x prior to 5.6.13, update to version 5.6.13 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.45 PHP versions 5.5.x prior to 5.5.29 PHP versions 5.6.x prior to 5.6.13 **Description** The issue is related to multiple use-after-free vulnerabilities in PHP, which can be exploited by a remote attacker to execute arbitrary code. This is achieved through vectors related to the `Serializable` interface, the `SplObjectStorage` class, and the `SplDoublyLinkedList` class, which are mishandled during unserialization. **Recommendations** For PHP versions prior to 5.4.45, update to version 5.4.45 or later. For PHP versions 5.5.x prior to 5.5.29, update to version 5.5.29 or later. For PHP versions 5.6.x prior to 5.6.13, update to version 5.6.13 or later. As a temporary workaround, consider restricting the use of the `Serializable` interface, the `SplObjectStorage` class, and the `SplDoublyLinkedList` class to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 **Description** The issue is related to multiple use-after-free vulnerabilities in the SPL library of the PHP interpreter, which can be exploited by a remote attacker to execute arbitrary code. This can be achieved through vectors involving the `ArrayObject`, `SplObjectStorage`, and `SplDoublyLinkedList` classes, which are mishandled during unserialization. **Recommendations** For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later. As a temporary workaround, consider restricting the use of the `ArrayObject`, `SplObjectStorage`, and `SplDoublyLinkedList` classes during unserialization until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8 **Description** The issue is related to "type confusion" problems in several SoapClient methods, including `SoapClient:: getLastRequest`, `SoapClient:: getLastResponse`, `SoapClient:: getLastRequestHeaders`, `SoapClient:: getLastResponseHeaders`, `SoapClient:: getCookies`, and `SoapClient:: setCookie`. This can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code via an unexpected data type. **Recommendations** For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.7 **Description** The issue is related to type confusion errors in the ext/soap/php encoding.c, ext/soap/php http.c, and ext/soap/soap.c functions of the PHP interpreter. This could allow a remote attacker to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type. **Recommendations** For PHP versions prior to 5.6.7, update to version 5.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8 **Description** The issue is related to a "type confusion" problem in the SoapFault:: toString method, allowing remote attackers to obtain sensitive information, cause a denial of service, or possibly execute arbitrary code via an unexpected data type. **Recommendations** For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.