vulnerability

Debian: CVE-2017-11143: php5, php7.0 -- security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jul 10, 2017
Added
Jan 10, 2018
Modified
Nov 27, 2024

Description

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Solution(s)

debian-upgrade-php5debian-upgrade-php7-0
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.