CVE-2016-9934

Published: Jan 4, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

mailing-list

x_refsource_MLIST

openSUSE-SU-2017:0081

vendor-advisory

x_refsource_SUSE

http://www.php.net/ChangeLog-7.php

x_refsource_CONFIRM

94845

vdb-entry

x_refsource_BID

RHSA-2018:1296

vendor-advisory

x_refsource_REDHAT

http://www.php.net/ChangeLog-5.php

x_refsource_CONFIRM

openSUSE-SU-2017:0061

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:3239

vendor-advisory

x_refsource_SUSE

https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d

x_refsource_CONFIRM

https://bugs.php.net/bug.php?id=73331

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-9934

Description

Affected Products

References