[wp-hackers] Fwd: Advisory 09/2006: PHP unserialize() ArrayCreation Integer Overflow
Sam Angove
sam at rephrase.net
Mon Oct 9 16:25:43 GMT 2006
On 10/10/06, Aaron Brazell <emmensetech at gmail.com> wrote:
>
> However, maybe looking at why we serialize arrays and if there's another way
> to skin the cat that circumvents the issue altogether.
>
See also: http://trac.wordpress.org/ticket/2591
It was raised in response to another `unserialize()` issue, also
mentioned in that advisory, that it's "trivial to crash PHP with a
large amount of nested arrays".