Описание
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | only affects php7.0 |
| precise | not-affected | only affects php7.0 |
| trusty | not-affected | only affects php7.0 |
| trusty/esm | not-affected | only affects php7.0 |
| upstream | not-affected | only affects php7.0 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.0.15-1ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 7.0.15-0ubuntu0.16.04.2 |
| precise | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.0.15 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 7.0.15-0ubuntu0.16.04.2 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3