@chtg
chtg / .md
Last active September 5, 2015 02:37
Use After Free Vulnerabilities in Session Deserializer

# Use After Free Vulnerabilities in Session Deserializer

Taoguang Chen <@chtg> - Write Date: 2015.8.9 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in the session deserializer (the php, php_binary and php_serialize handlers) that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Created August 27, 2015 11:23
Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

# Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() when deserializing an SplObjectStorage object combined with a crafted object's __wakeup() magic method; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Last active September 5, 2015 02:43
Use After Free Vulnerability in unserialize()

# Use After Free Vulnerabilities in unserialize()

Taoguang Chen <@chtg> - Write Date: 2015.7.31 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in unserialize() when deserializing objects that implement the Serializable interface; they can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Last active August 19, 2016 04:48
Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

# Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() when deserializing an SplDoublyLinkedList object combined with a crafted object's __wakeup() magic method; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Created August 26, 2015 11:04
Use After Free Vulnerability in unserialize() with GMP

# Use After Free Vulnerability in unserialize() with GMP

Taoguang Chen <@chtg> - Write Date: 2015.8.17 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() when deserializing a GMP object; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13

@chtg
chtg / gist:304478984a7d47bae398
Last active July 28, 2017 08:07
Type Confusion Vulnerability in SoapClient

Type Confusion Vulnerability in SoapClient

Taoguang Chen <@chtg> - Write Date: 2015.3.1 - Release Date: 2015.3.20

A type confusion vulnerability was discovered in the SoapClient object's __getCookies() method; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23

@chtg
chtg / gist:f74965bfea764d9c9698
Last active November 5, 2019 14:20
Security Risks of Misconfigured and Misused PHP Session Serialization and Deserialization Handlers

# Security Risks of Misconfigured and Misused PHP Session Serialization and Deserialization Handlers

Taoguang Chen <@chtg> - 2014.11.11

## PHP Session Serialization and Deserialization Handlers

PHP ships with several built-in handlers that serialize and deserialize data when $_SESSION is stored and read back. The three commonly used ones, each with its own storage format, are:

Handler | Storage format
@chtg
chtg / .md
Last active November 10, 2021 14:06
Use After Free Vulnerability in unserialize() with SPL ArrayObject

# Use After Free Vulnerability in unserialize() with SPL ArrayObject

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize() when deserializing an SPL ArrayObject object; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

@chtg
chtg / gist:597360ca0a56fedc5efe
Last active October 24, 2022 12:02
Use After Free Vulnerability in unserialize() with DateInterval

# Use After Free Vulnerability in unserialize() with DateInterval

Taoguang Chen <@chtg> - Write Date: 2015.2.28 - Release Date: 2015.3.20

A use-after-free vulnerability was discovered in unserialize() in the DateInterval object's __wakeup() magic method; it can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23

@chtg
chtg / gist:07ebf5fb7fdbf4393ff3
Last active March 28, 2023 22:21
Code Injection Vulnerability via unserialize() Function and var_export() Function in HHVM 3

# Code Injection Vulnerability via unserialize() Function and var_export() Function in HHVM 3

Taoguang Chen <@chtg> - 2014.10.29

HHVM's var_export() function mishandles an undefined class, and its unserialize() function mishandles an invalid class name.

## HHVM's var_export() function

HHVM's var_export() function produced a parse error when exporting an undefined class: