CVE-2016-6290

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.38 PHP versions 5.6.x prior to 5.6.24 PHP versions 7.x prior to 7.0.9

Description The issue is related to the improper maintenance of a certain hash data structure in the ext/session/session.c component of PHP. This allows remote attackers to cause a denial of service (use-after-free) or possibly have other unspecified impacts via vectors related to session deserialization. The vulnerability is related to the use of memory after it has been freed, which can be exploited by a remote attacker to cause a denial of service or possibly other effects.

Recommendations For PHP versions prior to 5.5.38, update to version 5.5.38 or later. For PHP versions 5.6.x prior to 5.6.24, update to version 5.6.24 or later. For PHP versions 7.x prior to 7.0.9, update to version 7.0.9 or later.