Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
http://www.openwall.com/lists/oss-security/2016/09/15/10
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/93006
http://www.securitytracker.com/id/1036836
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72860
https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
Source: MITRE
Published: 2016-09-17
Updated: 2018-05-04
Type: CWE-416
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.25 (inclusive)
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129236 | EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2043) | Nessus | Huawei Local Security Checks | high |
128917 | EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865) | Nessus | Huawei Local Security Checks | high |
98835 | PHP 7.0.x < 7.0.11 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
98816 | PHP 5.6.x < 5.6.26 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
119983 | SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1) | Nessus | SuSE Local Security Checks | high |
119981 | SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1) | Nessus | SuSE Local Security Checks | high |
101048 | Tenable SecurityCenter PHP < 5.6.26 Multiple Vulnerabilities | Nessus | Misc. | critical |
96832 | Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19) | Nessus | Misc. | high |
96010 | Debian DLA-749-1 : php5 security update (httpoxy) | Nessus | Debian Local Security Checks | high |
95917 | macOS 10.12.x < 10.12.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
95421 | GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | high |
94089 | openSUSE Security Update : php5 (openSUSE-2016-1193) | Nessus | SuSE Local Security Checks | high |
94084 | FreeBSD : PHP -- multiple vulnerabilities (f471032a-8700-11e6-8d93-00248c0c745d) | Nessus | FreeBSD Local Security Checks | high |
94083 | FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d) | Nessus | FreeBSD Local Security Checks | high |
94020 | Amazon Linux AMI : php70 (ALAS-2016-754) | Nessus | Amazon Linux Local Security Checks | high |
94019 | Amazon Linux AMI : php56 (ALAS-2016-753) | Nessus | Amazon Linux Local Security Checks | high |
93914 | Debian DSA-3689-1 : php5 - security update | Nessus | Debian Local Security Checks | high |
93895 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2461-1) | Nessus | SuSE Local Security Checks | high |
93894 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1) | Nessus | SuSE Local Security Checks | high |
93864 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3095-1) | Nessus | Ubuntu Local Security Checks | high |
93853 | openSUSE Security Update : php5 (openSUSE-2016-1150) | Nessus | SuSE Local Security Checks | high |
93754 | Fedora 23 : php (2016-db71b72137) | Nessus | Fedora Local Security Checks | high |
93726 | Fedora 24 : php (2016-62fc05fd68) | Nessus | Fedora Local Security Checks | high |
9580 | PHP 5.6.x < 5.6.26 / 7.0.x < 7.0.11 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
93687 | Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01) | Nessus | Slackware Local Security Checks | high |
93657 | PHP 7.0.x < 7.0.11 Multiple Vulnerabilities | Nessus | CGI abuses | high |
93656 | PHP 5.6.x < 5.6.26 Multiple Vulnerabilities | Nessus | CGI abuses | high |