[wp-hackers] Fwd: Advisory 09/2006: PHP unserialize() ArrayCreation Integer Overflow

Sam Angove sam at rephrase.net
Mon Oct 9 16:25:43 GMT 2006

On 10/10/06, Aaron Brazell <emmensetech at gmail.com> wrote:
> However, maybe looking at why we serialize arrays and if there's another way
> to skin the cat that circumvents the issue altogether.

See also: http://trac.wordpress.org/ticket/2591

It was raised in response to another `unserialize()` issue, also
mentioned in that advisory, that it's "trivial to crash PHP with a
large amount of nested arrays".

More information about the wp-hackers mailing list