Description
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1)
WordPress Plugin WP-CopyProtect [Protect your blog posts] Cross-Site Scripting (3.0.0)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-3690)
Envoy Proxy Use After Free Vulnerability (CVE-2021-43826)
WordPress Plugin Backlink Rechecker Multiple Cross-Site Scripting Vulnerabilities (1.2.1)