PHP is vulnerable to null pointer dereference vulnerability. This exists in ext/wddx/wddx.c
which allows remote attackers to cause a denial of service via crafted serialized data in a wddxPacket
XML document, as demonstrated by a PDORow
string.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 | |
rh-php70-php | eq | 7.0.10__2.el7 | |
rh-php70-php | eq | 7.0.10__2.el6 |
lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
www.openwall.com/lists/oss-security/2016/12/12/2
www.php.net/ChangeLog-5.php
www.php.net/ChangeLog-7.php
www.securityfocus.com/bid/94845
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=73331
github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d