7.5

CVE-2016-9934

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.6.27
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version7.0.10
PhpPhp Version7.0.11
PhpPhp Version7.0.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.85% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.php.net/ChangeLog-5.php
Vendor Advisory
Release Notes
http://www.php.net/ChangeLog-7.php
Vendor Advisory
Release Notes
https://access.redhat.com/errata/RHSA-2018:1296
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.openwall.com/lists/oss-security/2016/12/12/2
Third Party Advisory
http://www.securityfocus.com/bid/94845
https://bugs.php.net/bug.php?id=73331
Vendor Advisory
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
Vendor Advisory