CVE-2016-9934
EUVD-2016-1072104.01.2017, 20:59
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 𝑥 ≤ 5.6.27 |
| php | php | 7.0.0 |
| php | php | 7.0.1 |
| php | php | 7.0.2 |
| php | php | 7.0.3 |
| php | php | 7.0.4 |
| php | php | 7.0.5 |
| php | php | 7.0.6 |
| php | php | 7.0.7 |
| php | php | 7.0.8 |
| php | php | 7.0.9 |
| php | php | 7.0.10 |
| php | php | 7.0.11 |
| php | php | 7.0.12 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References