spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
{ "vanir_signatures": [ { "deprecated": false, "target": { "file": "ext/spl/spl_array.c" }, "source": "https://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee", "signature_type": "Line", "id": "CVE-2016-5771-55bd4544", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "172529010675807687807396361343353921974", "63080092587161679693851290759915191347", "92445649054574504178969508602087037098", "47983572388981575197119334583777239342", "49093506086661717566379834635802782751", "320528347532434852589338425328485404914", "182173827853381497248658603193030993074" ] } }, { "deprecated": false, "target": { "function": "PHP_MINIT_FUNCTION", "file": "ext/spl/spl_array.c" }, "source": "https://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee", "signature_type": "Function", "id": "CVE-2016-5771-b5efc824", "signature_version": "v1", "digest": { "function_hash": "178346697772086131021134430194686741868", "length": 2442.0 } } ] }