{"id":"CVE-2016-9934","details":"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.","modified":"2026-02-24T11:19:57.569884Z","published":"2017-01-04T20:59:00.527Z","related":["MGASA-2016-0422","SUSE-SU-2017:0017-1","SUSE-SU-2017:0038-1","SUSE-SU-2017:0109-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94845"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/12/2"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"type":"ADVISORY","url":"https://bugs.php.net/bug.php?id=73331"},{"type":"ADVISORY","url":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"fixed":"6045de69c7dedcba3eadf7c4bba424b19c81d00d"}]}],"versions":["NEWS","NEWS-cvs2svn","php-5.3.23RC1","php-5.3.29","php-5.3.29RC1","php-5.4.30RC1","php-5.4.32RC1","php-5.4.4RC2","php-5.5.24RC1","php-5.6.18RC1","php-5.6.19RC1","php-5.6.22RC1","php-5.6.23RC1","php-5.6.24RC1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","digest":{"length":2328,"function_hash":"203489910867239056038489819079714958820"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"target":{"file":"ext/wddx/wddx.c","function":"php_wddx_serialize_object"},"id":"CVE-2016-9934-3292b46b"},{"signature_version":"v1","signature_type":"Function","digest":{"length":3269,"function_hash":"38084760367901890888276112576541338026"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"target":{"file":"ext/wddx/wddx.c","function":"php_wddx_pop_element"},"id":"CVE-2016-9934-90e75d8d"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["172900333638220549912638008149015250258","324065819535243319405260071543462638025","141511344049989800827631464554216159557","1935004335127762715962108917769862315","284314525014635296635662839135029953166","152054942954570715051303819364378904980","234834534678236553761817866118838753053","237359520942065444091838147670951760333","106798185575848427823234339219596876460","303681247456913702224310957279630550337","13876277052082779495342015717593000033","70871349833312050765039047183816752350","339658316936791193697116823120198186380","59243539269564991384781252823551159705","110646776668336078987206669178223856815","182786490022934465131166246465302362015","9341187877375135596736533843331324726","40379490391408304415211933162522324175","303681247456913702224310957279630550337","13876277052082779495342015717593000033","70871349833312050765039047183816752350","339658316936791193697116823120198186380","69389006726278886197264798544780561145","93685324661241726951986855234580217868","57242604469365743424710317295088643837","220489049791797107414235021933759358152","314358971565583317957198901861448407934","48891926996843008801295064908863450633","23909968037286763074801896096330174588","96289139002245123915112774774062479195","28735383185160876305878647360936103511","122841931526467021468270319911093593823","209601026658473665458092509469485330657","60067184931441847478227239418962061585","55138418124713935641416762728668674564","196911959538214258422050376945833724769","115829286067129165480786491377649403772","25843454327194974710640767978891303390","18938768227988726294289860687433107000","103192044752680903623744174246781220256","9787733759229888205358977983468409509"],"threshold":0.9},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"target":{"file":"ext/wddx/wddx.c"},"id":"CVE-2016-9934-d78b9641"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["175311302156514932003826766995798393684","319071739869221720645425546945732225806","160127942862531637133396230262935187833","25872075783212768218512930027044455264"],"threshold":0.9},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"target":{"file":"ext/pdo/pdo_stmt.c"},"id":"CVE-2016-9934-eb87dd86"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1142,"function_hash":"279759402274865172055824071760829427798"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"target":{"file":"ext/pdo/pdo_stmt.c","function":"pdo_stmt_init"},"id":"CVE-2016-9934-f5f6b535"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9934.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}