CVE-2016-9138

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.28 PHP versions 7.x prior to 7.0.13

Description The issue is related to the mishandling of property modification during wakeup processing in PHP, allowing remote attackers to cause a denial of service or possibly have other impacts via crafted serialized data. This can be demonstrated by Exception:: toString with DateInterval:: wakeup, which involves the use of memory after it has been freed.

Recommendations For PHP versions prior to 5.6.28, update to version 5.6.28 or later to resolve the issue. For PHP versions 7.x prior to 7.0.13, update to version 7.0.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the wakeup function in PHP until a patch is applied.