
PHP 4.3.10 < 4.4.9 / 5.0.3 < 5.4.36 / 5.5.x < 5.5.20 / 5.6.x < 5.6.4 DoS

Medium

Synopsis

The remote web server uses a version of PHP that is affected by a denial of service vulnerability.

Description

PHP versions 4.3.10 through 4.4.9, 5.0.3 prior to 5.4.36, 5.5.x prior to 5.5.20, and 5.6.x prior to 5.6.4 are affected by a denial of service vulnerability due to a NULL pointer dereference condition. Specifically, this issue affects the 'var_push_dtor()' function of the 'unserialize.c' source file. This may allow a remote attacker to crash the affected application, denying service to legitimate users. (Bug 68545)

Solution

Apply the vendor's patch, or upgrade to the latest version. These issues have been fixed in versions 5.4.36, 5.5.20, 5.6.4 and later.
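The affected ranges above can be turned into a banner check for asset triage. The following is an added example, not the plugin's own detection logic; the function names and sample banners are constructed for illustration. It assumes the version is read from a `PHP/x.y.z` token or a bare version string, and it cannot see a vendor patch applied without a version bump.

```python
import re

# Ranges taken from the description above: (low, high, high_is_inclusive)
AFFECTED = [
    ((4, 3, 10), (4, 4, 9), True),    # 4.3.10 through 4.4.9
    ((5, 0, 3), (5, 4, 36), False),   # 5.0.3 prior to 5.4.36
    ((5, 5, 0), (5, 5, 20), False),   # 5.5.x prior to 5.5.20
    ((5, 6, 0), (5, 6, 4), False),    # 5.6.x prior to 5.6.4
]

# Prefer an explicit PHP token so "Apache/2.2.22" is never read as PHP.
_PHP_TOKEN = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
_BARE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner):
    """Return (major, minor, patch) or None if no PHP version is present.
    Distro and pre-release suffixes (-0+deb7u2, RC1) are ignored."""
    m = _PHP_TOKEN.search(banner or "") or _BARE.match(banner or "")
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(banner):
    """True/False for a known version, None when nothing can be parsed."""
    version = parse_php_version(banner)
    if version is None:
        return None
    for low, high, inclusive in AFFECTED:
        below_high = version <= high if inclusive else version < high
        if low <= version and below_high:
            return True
    return False


# Constructed sample banners (hypothetical hosts, not real scan data)
SAMPLE_BANNERS = {
    "web01": "Apache/2.2.22 (Debian) PHP/5.4.35-0+deb7u2",
    "web02": "X-Powered-By: PHP/5.6.4",
    "web03": "nginx/1.6.2",
}


def triage(banners):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(b)] for host, b in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(host, verdict)
```

Treat an "affected" verdict on a distribution package as a prompt to check the package changelog, since the banner version does not change when a fix is backported.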