CVE-2016-9934

php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través datos serializados manipulados en un documento wddxPacket XML, como se demuestra por una cadena PDORow.

It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-12 CVE Reserved
2016-12-13 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (12)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2016/12/12/2	Mailing List
http://www.securityfocus.com/bid/94845	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html	2018-05-04
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html	2018-05-04
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html	2018-05-04
http://www.php.net/ChangeLog-5.php	2018-05-04
http://www.php.net/ChangeLog-7.php	2018-05-04
https://access.redhat.com/errata/RHSA-2018:1296	2018-05-04
https://bugs.php.net/bug.php?id=73331	2018-05-04
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d	2018-05-04
https://access.redhat.com/security/cve/CVE-2016-9934	2018-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=1404726	2018-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				<= 5.6.27 Search vendor "Php" for product "Php" and version " <= 5.6.27"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.0 Search vendor "Php" for product "Php" and version "7.0.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.1 Search vendor "Php" for product "Php" and version "7.0.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.2 Search vendor "Php" for product "Php" and version "7.0.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.3 Search vendor "Php" for product "Php" and version "7.0.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.4 Search vendor "Php" for product "Php" and version "7.0.4"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.5 Search vendor "Php" for product "Php" and version "7.0.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.6 Search vendor "Php" for product "Php" and version "7.0.6"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.7 Search vendor "Php" for product "Php" and version "7.0.7"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.8 Search vendor "Php" for product "Php" and version "7.0.8"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.9 Search vendor "Php" for product "Php" and version "7.0.9"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.10 Search vendor "Php" for product "Php" and version "7.0.10"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.11 Search vendor "Php" for product "Php" and version "7.0.11"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				7.0.12 Search vendor "Php" for product "Php" and version "7.0.12"		-		Affected