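CVE-2016-9934: ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. The signature records below all reference php-src commit 6045de69c7dedcba3eadf7c4bba424b19c81d00d and target ext/pdo/pdo_stmt.c as well as ext/wddx/wddx.c.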
[
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d",
"signature_type": "Function",
"id": "CVE-2016-9934-3292b46b",
"target": {
"function": "php_wddx_serialize_object",
"file": "ext/wddx/wddx.c"
},
"digest": {
"length": 2328.0,
"function_hash": "203489910867239056038489819079714958820"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d",
"signature_type": "Function",
"id": "CVE-2016-9934-90e75d8d",
"target": {
"function": "php_wddx_pop_element",
"file": "ext/wddx/wddx.c"
},
"digest": {
"length": 3269.0,
"function_hash": "38084760367901890888276112576541338026"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d",
"signature_type": "Line",
"id": "CVE-2016-9934-d78b9641",
"target": {
"file": "ext/wddx/wddx.c"
},
"digest": {
"line_hashes": [
"172900333638220549912638008149015250258",
"324065819535243319405260071543462638025",
"141511344049989800827631464554216159557",
"1935004335127762715962108917769862315",
"284314525014635296635662839135029953166",
"152054942954570715051303819364378904980",
"234834534678236553761817866118838753053",
"237359520942065444091838147670951760333",
"106798185575848427823234339219596876460",
"303681247456913702224310957279630550337",
"13876277052082779495342015717593000033",
"70871349833312050765039047183816752350",
"339658316936791193697116823120198186380",
"59243539269564991384781252823551159705",
"110646776668336078987206669178223856815",
"182786490022934465131166246465302362015",
"9341187877375135596736533843331324726",
"40379490391408304415211933162522324175",
"303681247456913702224310957279630550337",
"13876277052082779495342015717593000033",
"70871349833312050765039047183816752350",
"339658316936791193697116823120198186380",
"69389006726278886197264798544780561145",
"93685324661241726951986855234580217868",
"57242604469365743424710317295088643837",
"220489049791797107414235021933759358152",
"314358971565583317957198901861448407934",
"48891926996843008801295064908863450633",
"23909968037286763074801896096330174588",
"96289139002245123915112774774062479195",
"28735383185160876305878647360936103511",
"122841931526467021468270319911093593823",
"209601026658473665458092509469485330657",
"60067184931441847478227239418962061585",
"55138418124713935641416762728668674564",
"196911959538214258422050376945833724769",
"115829286067129165480786491377649403772",
"25843454327194974710640767978891303390",
"18938768227988726294289860687433107000",
"103192044752680903623744174246781220256",
"9787733759229888205358977983468409509"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d",
"signature_type": "Line",
"id": "CVE-2016-9934-eb87dd86",
"target": {
"file": "ext/pdo/pdo_stmt.c"
},
"digest": {
"line_hashes": [
"175311302156514932003826766995798393684",
"319071739869221720645425546945732225806",
"160127942862531637133396230262935187833",
"25872075783212768218512930027044455264"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d",
"signature_type": "Function",
"id": "CVE-2016-9934-f5f6b535",
"target": {
"function": "pdo_stmt_init",
"file": "ext/pdo/pdo_stmt.c"
},
"digest": {
"length": 1142.0,
"function_hash": "279759402274865172055824071760829427798"
},
"deprecated": false
}
]