Yannayl

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.0.12 **Description** The issue is related to the SplObjectStorage unserialize implementation in PHP, which does not properly verify that a key is an object. This allows remote attackers to execute arbitrary code or cause a denial of service due to uninitialized memory access via crafted serialized data. The vulnerability is caused by a buffer overflow in memory, which can be exploited by an attacker to achieve remote code execution or disrupt service. **Recommendations** For PHP versions prior to 7.0.12, update to version 7.0.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.x (no specific end version mentioned, as the issue affects all versions of PHP 7) **Description** The issue is related to a use-after-free error in the PHP interpreter, specifically during the unserialization process of a serialized object. This occurs when the 'properties' hash table of the object is resized. A remote attacker may exploit this bug to gain arbitrary code execution. The estimated number of potentially affected devices worldwide is not provided, and there is no information about real-world incidents where this issue was exploited. **Recommendations** For PHP versions prior to 7.x: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.28 PHP versions prior to 7.0.13 **Description** The issue is related to the Zend/zend exceptions.c component of the PHP interpreter, which can enter an infinite loop. This can be exploited by a remote attacker to cause a denial of service through a crafted Exception object in serialized data. **Recommendations** For PHP versions prior to 5.6.28, update to version 5.6.28 or later to resolve the issue. For PHP versions prior to 7.0.13, update to version 7.0.13 or later to resolve the issue.