7.5

CVE-2016-10162

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
PhpPhp Version7.0.13
PhpPhp Version7.0.14
PhpPhp Version7.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.88% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://php.net/ChangeLog-7.php
Vendor Advisory
Release Notes
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
http://www.securityfocus.com/bid/95668
https://bugs.php.net/bug.php?id=73831
Issue Tracking
https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b
Patch
Third Party Advisory
Issue Tracking