CVE-2016-7480

Name of the Vulnerable Software and Affected Versions PHP versions prior to 7.0.12

Description The issue is related to the SplObjectStorage unserialize implementation in PHP, which does not properly verify that a key is an object. This allows remote attackers to execute arbitrary code or cause a denial of service due to uninitialized memory access via crafted serialized data. The vulnerability is caused by a buffer overflow in memory, which can be exploited by an attacker to achieve remote code execution or disrupt service.

Recommendations For PHP versions prior to 7.0.12, update to version 7.0.12 or later to resolve the issue.