Description
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
Remediation
References
Related Vulnerabilities
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6100)
Joomla Improper Input Validation Vulnerability (CVE-2018-12712)
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)