5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.8 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.5%
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
[
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.3.27",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.15",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
},
{
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0.X",
"versionType": "custom"
}
]
}
]
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.8 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.5%