Home CVE Database CVE-2017-11143

CVE-2017-11143

Description

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Jul 10, 2017
Related ID: --
CVSS v2: High
Modified Date: Jul 10, 2017

Find out more about CVE-2017-11143 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

php

Live chat
Online