Astra Linux - уязвимость в php7.3

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15, and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server may return malformed XML data as a response. This could cause PHP to access a null pointer, resulting in a crash...

php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service...

CVE-2025-6491

CVE-2025-6491 causes a NULL pointer dereference in the PHP SOAP extension when parsing XML data with very large ( >2 GB) XML namespace prefixes, leading to server crashes and potential availability impact. It affects PHP versions across 8.1–8.4 series before patched releases; patched versions ...

PHP 8.3.x < 8.3.23 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.33, 8.2.x prior to 8.2.29, 8.3.x prior to 8.3.23, or 8.4.x prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities: - pgsql extension does not check for errors duri...

PT-2021-3347 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.26 PHP versions 7.4.x through 7.4.14 PHP versions 8.0.x through 8.0.1 Description: The issue is related to pointer dereference errors in the PHP SOAP extension. A malicious SOAP server could return malformed XML...