CVE-2016-10162

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
phpphp
7.0.0
phpphp
7.0.1
phpphp
7.0.2
phpphp
7.0.3
phpphp
7.0.4
phpphp
7.0.5
phpphp
7.0.6
phpphp
7.0.7
phpphp
7.0.8
phpphp
7.0.9
phpphp
7.0.10
phpphp
7.0.11
phpphp
7.0.12
phpphp
7.0.13
phpphp
7.0.14
phpphp
7.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
yakkety
dne
xenial
dne
trusty
not-affected
precise
not-affected
php7.0
yakkety
Fixed 7.0.15-0ubuntu0.16.10.2
released
xenial
Fixed 7.0.15-0ubuntu0.16.04.2
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/95668
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73831
https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b
http://php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/95668
http://www.securitytracker.com/id/1037659
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=73831
https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b