#Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4
A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29