6 matches found

SUSE CVE
added 2023/02/15 4:54 a.m., 2 views

SUSE CVE-2016-9935

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

CVSS 9.8 | AI score 9.9 | EPSS 0.05314
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 4:43 a.m., 1 views

SUSE CVE-2017-11143

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...

CVSS 6.5 | AI score 9 | EPSS 0.09817
Exploits: 0 | References: 4
RedHat Linux
added 2018/05/03 5:6 a.m., 3 views

php: Invalid read when wddx decodes empty boolean element

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

CVSS 9.8 | AI score 7.4 | EPSS 0.05314
Exploits: 0 | References: 4
OSV
added 2017/01/04 12:0 a.m., 1 views

UBUNTU-CVE-2016-9935

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

CVSS 9.8 | AI score 7.2 | EPSS 0.05314
Exploits: 0 | References: 5
Tenable Nessus
added 2017/01/03 12:0 a.m., 72 views

FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)

The PHP project reports: - Use After Free Vulnerability in unserialize (CVE-2016-9936) - Invalid read when wddx decodes empty boolean element (CVE-2016-9935) %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...

CVSS 9.8 | AI score 8.6 | EPSS 0.05314
Exploits: 2 | References: 4
Hacker One
added 2016/12/06 9:1 a.m., 20 views

Internet Bug Bounty: Invalid read when wddx decodes empty boolean element

Description: I have found some vulnerable code in wddx extension. The trouble happens when trying to process 'boolean' tag. If I open tag without data, new st_entry item WILL NOT be pushed into stack. When tag is closed and stack-top is greater than 1, st_entry item at top of stack WILL ...

AI score 6.9
Exploits: 0