# Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

Last active Aug 19, 2016

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize(), involving the deserialization of an SplDoublyLinkedList object together with a crafted object's __wakeup() magic method. It can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

# Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

Created Aug 27, 2015

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize(), involving the deserialization of an SplObjectStorage object together with a crafted object's __wakeup() magic method. It can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

# Use After Free Vulnerabilities in Session Deserializer

Last active Sep 5, 2015

Taoguang Chen <@chtg> - Write Date: 2015.8.9 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in the session deserializer (php/php_binary/php_serialize) that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

# Use After Free Vulnerability in unserialize() with GMP

Created Aug 26, 2015

Taoguang Chen <@chtg> - Write Date: 2015.8.17 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize(), in the deserialization of a GMP object, that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13

# Use After Free Vulnerabilities in unserialize()

Last active Sep 5, 2015

Taoguang Chen <@chtg> - Write Date: 2015.7.31 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in unserialize() when used with a Serializable class; they can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

# Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

Last active Aug 29, 2015

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize(), in the deserialization of an SplDoublyLinkedList object, that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

# Use After Free Vulnerability in unserialize() with SplObjectStorage

Last active Aug 29, 2015

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize(), in the deserialization of an SplObjectStorage object, that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

# Use After Free Vulnerability in unserialize() with SPL ArrayObject

Last active Nov 10, 2021

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize(), in the deserialization of an SPL ArrayObject object, that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

# Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception

chtg / gist:4f57d0392ee8937d3e94
Last active Aug 29, 2015

Taoguang Chen <@chtg> - Write Date: 2015.3.3 - Release Date: 2015.4.28

A type confusion vulnerability was discovered in the exception object's __toString()/getTraceAsString() method that can be abused to leak arbitrary memory blocks or cause a heap overflow.

Affected Versions

Affected is PHP 5.6 < 5.6.8
Affected is PHP 5.5 < 5.5.24

# Type Confusion Infoleak Vulnerabilities in SoapClient

chtg / gist:a5aee007a55d46f009aa
Last active Aug 29, 2015

Taoguang Chen <@chtg> - Write Date: 2015.3.1 - Release Date: 2015.3.20

Four type confusion vulnerabilities were discovered in some methods of the SoapClient object; they can be abused to leak arbitrary memory blocks.

Affected Versions

Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23