cbcvebase.
CVE-2016-7418
published 2016-09-17

CVE-2016-7418: The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid…

PriorityP340high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
11.40%
95.5th percentile
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

Affected

16 ranges
VendorProductVersion rangeFixed in
applemacos_sierra_10.12.2_security_update_2016-003_el_capitan_and_security_update_201
phpphp<= 5.6.25
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp>= 0 < 5.6.27-r05.6.27-r0
phpphp>= 0 < 5.6.27-r05.6.27-r0
php5php5>= 0 < 5.5.9+dfsg-1ubuntu4.205.5.9+dfsg-1ubuntu4.20

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.