In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake: it checks the wrong variable when the value element is missing. This leads to a NULL pointer dereference, causing a segmentation fault. A remote unauthenticated attacker can use this to crash the PHP SOAP server process, resulting in denial of service.
The product dereferences a pointer that it expects to be valid but is NULL.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 8.2.0 (including) | 8.2.31 (excluding) |
| Php | Php | 8.3.0 (including) | 8.3.31 (excluding) |
| Php | Php | 8.4.0 (including) | 8.4.21 (excluding) |
| Php | Php | 8.5.0 (including) | 8.5.6 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | php8.4-0:8.4.21-1.el10_2 | * |
| Red Hat Enterprise Linux 10 | RedHat | php-0:8.3.31-1.el10_2 | * |
| Red Hat Enterprise Linux 8 | RedHat | php:8.2-8100020260521052503.f7998665 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.3-9080020260521113736.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | php:8.2-9080020260521080715.9 | * |
| Php7.0 | Ubuntu | esm-infra/xenial | * |
| Php8.1 | Ubuntu | jammy | * |
| Php8.3 | Ubuntu | noble | * |
| Php8.3 | Ubuntu | upstream | * |
| Php8.4 | Ubuntu | questing | * |
| Php8.4 | Ubuntu | upstream | * |
| Php8.5 | Ubuntu | devel | * |
| Php8.5 | Ubuntu | resolute | * |
| Php8.5 | Ubuntu | upstream | * |