7.5

CVE-2016-7130

Exploit
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.24
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.67% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.php.net/ChangeLog-5.php
Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.php.net/ChangeLog-7.php
Release Notes
https://security.gentoo.org/glsa/201611-22
http://openwall.com/lists/oss-security/2016/09/02/9
Mailing List
http://www.securitytracker.com/id/1036680
https://www.tenable.com/security/tns-2016-19
http://www.securityfocus.com/bid/92764
https://bugs.php.net/bug.php?id=72750
Exploit
Issue Tracking
https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
Patch
Issue Tracking