Integer Overflow in unserialize function in PHP versions before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2

CVE-2014-3669 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.