9.8

CVE-2016-7129

Exploit
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version <= 5.6.24
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.84% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.php.net/ChangeLog-5.php
Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.php.net/ChangeLog-7.php
Release Notes
https://security.gentoo.org/glsa/201611-22
http://openwall.com/lists/oss-security/2016/09/02/9
Mailing List
http://www.securitytracker.com/id/1036680
https://www.tenable.com/security/tns-2016-19
http://www.securityfocus.com/bid/92758
https://bugs.php.net/bug.php?id=72749
Exploit
Issue Tracking
https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
Patch
Issue Tracking