The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://www.php.net/ChangeLog-7.php | release notes |
| https://security.gentoo.org/glsa/201611-22 | vendor advisory |
| https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1 | issue tracking patch |
| http://www.securitytracker.com/id/1036680 | vdb entry |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | vendor advisory |
| http://www.php.net/ChangeLog-5.php | release notes |
| https://www.tenable.com/security/tns-2016-19 | |
| http://openwall.com/lists/oss-security/2016/09/02/9 | mailing list |
| https://bugs.php.net/bug.php?id=72749 | issue tracking exploit |
| http://www.securityfocus.com/bid/92758 | vdb entry |