#Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.8.27 - Release Date: 2015.9.4 > A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affected Versions
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment