9 matches found
SUSE CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data...
The vulnerability of the wddx_deserialize() function in the PHP programming language lies in the use of memory after it is freed, allowing an attacker to trigger a denial-of-service attack.
The vulnerability of the PHP programming language interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
CLSA-2020-1605798462 Fix of 227 CVE
Fix bug 69720: Null pointer dereference in phar_get_fp_offset - Fix bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...
UBUNTU-CVE-2016-10162
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...
php: wddx_deserialize allows illegal memory access
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that...
php: wddx_deserialize null dereference
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...
PHP 'wddx_deserialize' function double release vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-release vulnerability exists in PHP's wddx_deserialize function, which can be exploited by a remote attacker to execute arbitrary code...
PHP WDDX Extension wddx.c Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHAR is one of the archived extensions. A buffer overflow vulnerability exists in the wddx.c file in PHP's WDDX extension. A remote attacker could send a wddx_deserialize cal...
Internet Bug Bounty: Use-After-Free / Double-Free in WDDX Deserialize
https://bugs.php.net/bug.php?id=71587...