Description

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Remediation

References

CVE-2017-11143

Related Vulnerabilities

Serendipity Other Vulnerability (CVE-2005-1452)

WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator SQL Injection (4.4.2)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.0)

Oracle HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)

MyBB Other Vulnerability (CVE-2007-0544)

Severity

High

Classification

CVE-2017-11143 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities