CVE-2017-11143

HIGH severity · CVSS 7.5 · Use-after-free

7.5CVSS HIGH

Summary

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)10%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://openwall.com/lists/oss-security/2017/07/10/6 ↗

Additional information

NVD record
http://openwall.com/lists/oss-security/2017/07/10/6Patch
https://bugs.php.net/bug.php?id=74145Patch
http://php.net/ChangeLog-5.phpAdvisory
http://www.securityfocus.com/bid/99553
https://access.redhat.com/errata/RHSA-2018:1296
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.debian.org/security/2018/dsa-4081