CVE-2017-11143
N/A
N/A
Summary
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://openwall.com/lists/oss-security/2017/07/10/6
- https://www.tenable.com/security/tns-2017-12
- http://www.securityfocus.com/bid/99553
- https://bugs.php.net/bug.php?id=74145
- https://access.redhat.com/errata/RHSA-2018:1296
- http://php.net/ChangeLog-5.php
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://www.debian.org/security/2018/dsa-4081
- https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
References
- http://openwall.com/lists/oss-security/2017/07/10/6
- https://www.tenable.com/security/tns-2017-12
- http://www.securityfocus.com/bid/99553
- https://bugs.php.net/bug.php?id=74145
- https://access.redhat.com/errata/RHSA-2018:1296
- http://php.net/ChangeLog-5.php
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://www.debian.org/security/2018/dsa-4081
- https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.