Description

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Remediation

References

CVE-2016-9934

Related Vulnerabilities

WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1)

WordPress Plugin WP-CopyProtect [Protect your blog posts] Cross-Site Scripting (3.0.0)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-3690)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43826)

WordPress Plugin Backlink Rechecker Multiple Cross-Site Scripting Vulnerabilities (1.2.1)

Severity

High

Classification

CVE-2016-9934 CWE-476 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities