The PHP 5 branch of the PHP source code lacks the
protection against possible integer overflows inside
ecalloc() that is present in the PHP 4 branch and also for
several years part of our Hardening-Patch and our new
Suhosin-Patch.
It was discovered that such an integer overflow can be
triggered when user input is passed to the unserialize()
function. Earlier vulnerabilities in PHP's unserialize()
that were also discovered by one of our audits in December
2004 are unrelated to the newly discovered flaw, but they
have shown, that the unserialize() function is exposed to
user-input in many popular PHP applications. Examples for
applications that use the content of COOKIE variables with
unserialize() are phpBB and Serendipity.
The successful exploitation of this integer overflow will
result in arbitrary code execution.