| | 61 | |
| | 62 | {{{ |
| | 63 | - CVE-2016-9935 (denial of service) |
| | 64 | |
| | 65 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before |
| | 66 | 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial |
| | 67 | of service (out-of-bounds read and memory corruption) or possibly have |
| | 68 | unspecified other impact via an empty boolean element in a wddxPacket |
| | 69 | XML document. |
| | 70 | |
| | 71 | - CVE-2016-9936 (arbitrary code execution) |
| | 72 | |
| | 73 | The unserialize implementation in ext/standard/var.c in PHP 7.x before |
| | 74 | 7.0.14 allows remote attackers to cause a denial of service (use-after- |
| | 75 | free) or possibly execute arbitrary code via crafted serialized data. |
| | 76 | |
| | 77 | - CVE-2017-5340 (arbitrary code execution) |
| | 78 | |
| | 79 | It was found that PHP uses uninitialized memory during calls to |
| | 80 | `unserialize()`. The payload supplied to `unserialize()` may control |
| | 81 | this uninitialized memory region and thus may be used to trick PHP into |
| | 82 | operating on faked objects and calling attacker controlled destructor |
| | 83 | function pointers, effectively allowing arbitrary code execution via |
| | 84 | specially crafted serialized data. |
| | 85 | |
| | 86 | Impact |
| | 87 | ====== |
| | 88 | |
| | 89 | A remote attacker is able to use specially crafted input to perform a |
| | 90 | denial of service attack or execute arbitrary code on the affected |
| | 91 | host. |
| | 92 | }}} |
