9 matches found

SUSE CVE
added 2023/02/15 5:4 a.m. | 6 views

SUSE CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data...

CVSS 9.8 | AI score 9.2 | EPSS 0.35438
Exploits: 0 | References: 10

BDU FSTEC
added 2022/04/20 12:0 a.m. | 6 views

The vulnerability of the wddx_deserialize() function in the PHP programming language lies in the use of memory after it is freed, allowing an attacker to trigger a denial-of-service attack.

The vulnerability of the PHP programming language interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

CVSS 7.8 | AI score 7.1 | EPSS 0.06846
Exploits: 0 | References: 10 | Affected Software: 3

OSV
added 2020/10/15 12:0 p.m. | 10 views

CLSA-2020-1605798462 Fix of 227 CVE

Fix bug 69720: Null pointer dereference in phar_get_fp_offset - Fix bug 70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...

CVSS 10 | AI score 7.9 | EPSS 0.94859
Exploits: 88 | References: 1

OSV
added 2017/01/24 12:0 a.m. | 3 views

UBUNTU-CVE-2016-10162

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...

CVSS 7.5 | AI score 7.2 | EPSS 0.05879
Exploits: 0 | References: 4

RedHat Linux
added 2016/11/15 11:40 a.m. | 7 views

php: wddx_deserialize allows illegal memory access

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that...

CVSS 9.8 | AI score 7.4 | EPSS 0.06842
Exploits: 1 | References: 4

RedHat Linux
added 2016/11/15 11:40 a.m. | 5 views

php: wddx_deserialize null dereference

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a...

CVSS 7.5 | AI score 7.4 | EPSS 0.06672
Exploits: 1 | References: 4

CNVD
added 2016/06/28 12:0 a.m. | 1 views

PHP 'wddx_deserialize' function double-free vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A double-free vulnerability exists in PHP's wddx_deserialize function, which can be exploited by a remote attacker to execute arbitrary code...

CVSS 9.8 | AI score 8.7 | EPSS 0.09674
Exploits: 1 | References: 1

CNVD
added 2016/04/03 12:0 a.m. | 2 views

PHP WDDX Extension wddx.c Buffer Overflow Vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHAR is one of the archived extensions. A buffer overflow vulnerability exists in the wddx.c file in PHP's WDDX extension. A remote attacker could send a wddx_deserialize cal...

CVSS 9.8 | AI score 8.7 | EPSS 0.35438
Exploits: 0 | References: 1

Hacker One
added 2016/02/14 12:45 p.m. | 24 views

Internet Bug Bounty: Use-After-Free / Double-Free in WDDX Deserialize

https://bugs.php.net/bug.php?id=71587...

AI score 6.9
Exploits: 0