Security Advisory

CVE-2016-6290

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-07-25 14:00:00

Last updated 2024-08-06 01:22:20

Assigner mitre

State PUBLISHED

Description

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.

← Browse all CVEs View on cve.org ↗