CVE-2016-9936 - log back

CVE-2016-9936 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via crafted serialized data.
References
+ https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
+ https://bugs.php.net/bug.php?id=72978
+ http://www.openwall.com/lists/oss-security/2016/12/12/2
Notes