#Use After Free Vulnerabilities in Session Deserializer
Taoguang Chen <@chtg> - Write Date: 2015.8.9 - Release Date: 2015.9.4
Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29