Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2016-5772: Fix bug #72340: Double Free Courruption in wddx_deserialize · php/php-src@a44c89e

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

CVE
#vulnerability#dos#php

@@ -1096,6 +1096,9 @@ static void php_wddx_process_data(void *user_data, const XML_Char *s, int len)

break;

case ST_BOOLEAN:

if(!ent->data) {

break;

}

if (!strcmp(s, “true”)) {

Z_LVAL_P(ent->data) = 1;

} else if (!strcmp(s, “false”)) {

@@ -1104,6 +1107,7 @@ static void php_wddx_process_data(void *user_data, const XML_Char *s, int len)

zval_ptr_dtor(&ent->data);

if (ent->varname) {

efree(ent->varname);

ent->varname = NULL;

}

ent->data = NULL;

}

Related news

CVE-2016-5771: PHP: PHP 5 ChangeLog

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

CVE-2016-4343: PHP: PHP 7 ChangeLog

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

CVE-2014-3479: PHP: PHP 5 ChangeLog

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907