CVE-2015-6835

Priority
Description
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and
5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which
allows remote attackers to execute arbitrary code or cause a denial of
service (use-after-free) via crafted session content.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2019-12-05 18:42:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)