Описание
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service.
Меры по смягчению последствий
Currently, no mitigation is currently available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | php | Fix deferred | ||
| Red Hat Enterprise Linux 6 | php | Fix deferred | ||
| Red Hat Enterprise Linux 7 | php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:8.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php:8.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 9 | php:8.3/php | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
EPSS
5.9 Medium
CVSS3