FKIE_CVE-2016-9934

Vulnerability from fkie_nvd - Published: 2017-01-04 20:59 - Updated: 2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2016/12/12/2Third Party Advisory
cve@mitre.orghttp://www.php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
cve@mitre.orghttp://www.php.net/ChangeLog-7.phpRelease Notes, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/94845
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:1296
cve@mitre.orghttps://bugs.php.net/bug.php?id=73331Vendor Advisory
cve@mitre.orghttps://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00dVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/12/12/2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-5.phpRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.php.net/ChangeLog-7.phpRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94845
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1296
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=73331Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00dVendor Advisory
Impacted products
Vendor Product Version
php php *
php php 7.0.0
php php 7.0.1
php php 7.0.2
php php 7.0.3
php php 7.0.4
php php 7.0.5
php php 7.0.6
php php 7.0.7
php php 7.0.8
php php 7.0.9
php php 7.0.10
php php 7.0.11
php php 7.0.12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBFD36E-4559-474C-ADEE-3686F156180C",
              "versionEndIncluding": "5.6.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35848414-BD5D-4164-84DC-61ABBB1C4152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1F8402-8551-4F66-A9A7-81D472AB058E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A773E8E-48CD-4D35-A0FD-629BD9334486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC492340-79AF-4676-A161-079A97EC6F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1C2D8FE-C380-4B43-B634-A3DBA4700A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB58393-0C10-413C-8D95-6BAA8BC19A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "751F51CA-9D88-4971-A6EC-8C0B72E8E22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B74118-8FC2-44CB-9673-A83DF777B2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D56A200-1477-40DA-9444-CFC946157C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0D1CCC-A857-4C15-899E-08F9255CEE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6745CC43-2836-4CD8-848F-EEA08AE9D5AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string."
    },
    {
      "lang": "es",
      "value": "ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL) a trav\u00e9s datos serializados manipulados en un documento wddxPacket XML, como se demuestra por una cadena PDORow."
    }
  ],
  "id": "CVE-2016-9934",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-04T20:59:00.527",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-7.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/94845"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=73331"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.php.net/ChangeLog-7.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=73331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.