@chtg
chtg / .md
Last active August 19, 2016 04:48
Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

# Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() with the deserialization of an SplDoublyLinkedList object and a crafted object's __wakeup() magic method; it can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Created August 27, 2015 11:23
Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

# Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage

Taoguang Chen <@chtg> - Write Date: 2015.8.27 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() with the deserialization of an SplObjectStorage object and a crafted object's __wakeup() magic method; it can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Last active September 5, 2015 02:37
Use After Free Vulnerabilities in Session Deserializer

# Use After Free Vulnerabilities in Session Deserializer

Taoguang Chen <@chtg> - Write Date: 2015.8.9 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in the session deserializer (php/php_binary/php_serialize) that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Created August 26, 2015 11:04
Use After Free Vulnerability in unserialize() with GMP

# Use After Free Vulnerability in unserialize() with GMP

Taoguang Chen <@chtg> - Write Date: 2015.8.17 - Release Date: 2015.9.4

A use-after-free vulnerability was discovered in unserialize() with the deserialization of a GMP object that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13

@chtg
chtg / .md
Last active September 5, 2015 02:43
Use After Free Vulnerability in unserialize()

# Use After Free Vulnerabilities in unserialize()

Taoguang Chen <@chtg> - Write Date: 2015.7.31 - Release Date: 2015.9.4

Multiple use-after-free vulnerabilities were discovered in unserialize() with a Serializable class that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.13
Affected is PHP 5.5 < 5.5.29

@chtg
chtg / .md
Last active August 29, 2015 14:26
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

# Use After Free Vulnerability in unserialize() with SplDoublyLinkedList

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize() with the deserialization of an SplDoublyLinkedList object that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

@chtg
chtg / .md
Last active August 29, 2015 14:26
Use After Free Vulnerability in unserialize() with SplObjectStorage

# Use After Free Vulnerability in unserialize() with SplObjectStorage

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize() with the deserialization of an SplObjectStorage object that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

@chtg
chtg / .md
Last active November 10, 2021 14:06
Use After Free Vulnerability in unserialize() with SPL ArrayObject

# Use After Free Vulnerability in unserialize() with SPL ArrayObject

Taoguang Chen <@chtg> - Write Date: 2015.7.30 - Release Date: 2015.8.7

A use-after-free vulnerability was discovered in unserialize() with the deserialization of an SPL ArrayObject object that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28

@chtg
chtg / gist:4f57d0392ee8937d3e94
Last active August 29, 2015 14:20
Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception

Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception

Taoguang Chen <@chtg> - Write Date: 2015.3.3 - Release Date: 2015.4.28

A type confusion vulnerability was discovered in the exception object's __toString()/getTraceAsString() method that can be abused to leak arbitrary memory blocks or cause a heap overflow.

Affected Versions

Affected is PHP 5.6 < 5.6.8
Affected is PHP 5.5 < 5.5.24

@chtg
chtg / gist:a5aee007a55d46f009aa
Last active August 29, 2015 14:17
Type Confusion Infoleak Vulnerabilities in SoapClient

Type Confusion Infoleak Vulnerabilities in SoapClient

Taoguang Chen <@chtg> - Write Date: 2015.3.1 - Release Date: 2015.3.20

Four type confusion vulnerabilities were discovered in some methods of the SoapClient object that can be abused to leak arbitrary memory blocks.

Affected Versions

Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23