Description
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
A NULL pointer dereference issue exists in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document, due to improper checking of a child node name. A malicious or compromised server can reply with a crafted WSDL document, leading to a denial of service of the SoapClient accessing said document. The highest threat from this vulnerability is to system availability.
Statement
This flaw has been rated as having a security impact of Low, because it requires a malicious or compromised server in order to be exploited, and it only affects the SOAP client.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | php | Out of support scope | | |
Red Hat Enterprise Linux 5 | php53 | Out of support scope | | |
Red Hat Enterprise Linux 6 | php | Out of support scope | | |
Red Hat Enterprise Linux 7 | php | Out of support scope | | |
Red Hat Enterprise Linux 8 | php:7.2/php | Fix deferred | | |
Red Hat Enterprise Linux 8 | php:7.3/php | Fix deferred | | |
Red Hat Enterprise Linux 9 | php | Not affected | | |
Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2021:4213 | 09.11.2021 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
Additional information
Status:
7.5 High
CVSS3