{"id":"CVE-2016-9934","details":"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.","modified":"2026-04-16T06:21:33.776396567Z","published":"2017-01-04T20:59:00.527Z","related":["SUSE-SU-2017:0017-1","SUSE-SU-2017:0038-1","SUSE-SU-2017:0109-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94845"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/12/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"type":"ADVISORY","url":"https://bugs.php.net/bug.php?id=73331"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"e42bdcb7aa74c7846b984ef25462780ed135103f"},{"introduced":"0"},{"last_affected":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"introduced":"0"},{"last_affected":"4054ec69da7631046f19d54ab06f09728a208b8b"},{"introduced":"0"},{"last_affected":"038c63cdea0472176ec2fdb162cfbd96e8c5f83e"},{"introduced":"0"},{"last_affected":"4e1b8701573698f56e12672e4991d7e6239138d2"},{"introduced":"0"},{"last_affected":"e09845d32614a19188632f410316478fbb440ebd"},{"introduced":"0"},{"last_affected":"249a8fd9ae2324c84ede7ecfca6f6026e6d87df6"},{"introduced":"0"},{"last_affected":"734a5fca2c4731e34eca551f28be9a10ffc3f3c9"},{"introduced":"0"},{"last_affected":"fb59213fc461f079bc218abf44cb5e2b4db2182c"},{"introduced":"0"},{"last_affected":"a36407215f69ba2debf77933dcb3faa0c3ba2d04"},{"introduced":"0"},{"last_affected":"9d582eba7448f1495fae62b13d95d2844ce6b28a"},{"introduced":"0"},{"last_affected":"da12ca9c1ed03084e6803f5e81e46f2e0a80460a"},{"introduced":"0"},{"last_affected":"e2874f7bf990ed58ba6f7abccefa2c00a0447fc7"},{"introduced":"0"},{"last_affected":"140e2adb5ab8a5ed0624366c0416f07b8aa17254"},{"fixed":"6045de69c7dedcba3eadf7c4bba424b19c81d00d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.6.27"},{"introduced":"0"},{"last_affected":"7.0.0"},{"introduced":"0"},{"last_affected":"7.0.1"},{"introduced":"0"},{"last_affected":"7.0.2"},{"introduced":"0"},{"last_affected":"7.0.3"},{"introduced":"0"},{"last_affected":"7.0.4"},{"introduced":"0"},{"last_affected":"7.0.5"},{"introduced":"0"},{"last_affected":"7.0.6"},{"introduced":"0"},{"last_affected":"7.0.7"},{"introduced":"0"},{"last_affected":"7.0.8"},{"introduced":"0"},{"last_affected":"7.0.9"},{"introduced":"0"},{"last_affected":"7.0.10"},{"introduced":"0"},{"last_affected":"7.0.11"},{"introduced":"0"},{"last_affected":"7.0.12"}]}}],"versions":["POST_64BIT_BRANCH_MERGE","POST_AST_MERGE","POST_PHP7_NSAPI_REMOVAL","POST_PHP7_REMOVALS","POST_PHPNG_MERGE","PRE_64BIT_BRANCH_MERGE","PRE_AST_MERGE","PRE_PHP7_EREG_MYSQL_REMOVALS","PRE_PHP7_NSAPI_REMOVAL","PRE_PHP7_REMOVALS","php-5.6.27","php-5.6.27RC1","php-7.0.0","php-7.0.0RC1","php-7.0.0RC2","php-7.0.0RC3","php-7.0.0RC4","php-7.0.0RC5","php-7.0.0RC6","php-7.0.0RC7","php-7.0.0RC8","php-7.0.0alpha1","php-7.0.0alpha2","php-7.0.0beta1","php-7.0.0beta2","php-7.0.0beta3","php-7.0.1","php-7.0.10","php-7.0.10RC1","php-7.0.11","php-7.0.11RC1","php-7.0.12","php-7.0.1RC1","php-7.0.2","php-7.0.2RC1","php-7.0.3","php-7.0.4","php-7.0.4RC1","php-7.0.5","php-7.0.5RC1","php-7.0.6","php-7.0.6RC1","php-7.0.7","php-7.0.7RC1","php-7.0.8","php-7.0.8RC1","php-7.0.9","php-7.0.9RC1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"function":"php_wddx_serialize_object","file":"ext/wddx/wddx.c"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","deprecated":false,"signature_type":"Function","digest":{"length":2328,"function_hash":"203489910867239056038489819079714958820"},"id":"CVE-2016-9934-3292b46b"},{"signature_version":"v1","source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","target":{"function":"php_wddx_pop_element","file":"ext/wddx/wddx.c"},"deprecated":false,"signature_type":"Function","digest":{"length":3269,"function_hash":"38084760367901890888276112576541338026"},"id":"CVE-2016-9934-90e75d8d"},{"signature_version":"v1","source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","target":{"file":"ext/wddx/wddx.c"},"deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["172900333638220549912638008149015250258","324065819535243319405260071543462638025","141511344049989800827631464554216159557","1935004335127762715962108917769862315","284314525014635296635662839135029953166","152054942954570715051303819364378904980","234834534678236553761817866118838753053","237359520942065444091838147670951760333","106798185575848427823234339219596876460","303681247456913702224310957279630550337","13876277052082779495342015717593000033","70871349833312050765039047183816752350","339658316936791193697116823120198186380","59243539269564991384781252823551159705","110646776668336078987206669178223856815","182786490022934465131166246465302362015","9341187877375135596736533843331324726","40379490391408304415211933162522324175","303681247456913702224310957279630550337","13876277052082779495342015717593000033","70871349833312050765039047183816752350","339658316936791193697116823120198186380","69389006726278886197264798544780561145","93685324661241726951986855234580217868","57242604469365743424710317295088643837","220489049791797107414235021933759358152","314358971565583317957198901861448407934","48891926996843008801295064908863450633","23909968037286763074801896096330174588","96289139002245123915112774774062479195","28735383185160876305878647360936103511","122841931526467021468270319911093593823","209601026658473665458092509469485330657","60067184931441847478227239418962061585","55138418124713935641416762728668674564","196911959538214258422050376945833724769","115829286067129165480786491377649403772","25843454327194974710640767978891303390","18938768227988726294289860687433107000","103192044752680903623744174246781220256","9787733759229888205358977983468409509"]},"id":"CVE-2016-9934-d78b9641"},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["175311302156514932003826766995798393684","319071739869221720645425546945732225806","160127942862531637133396230262935187833","25872075783212768218512930027044455264"]},"deprecated":false,"target":{"file":"ext/pdo/pdo_stmt.c"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","id":"CVE-2016-9934-eb87dd86"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1142,"function_hash":"279759402274865172055824071760829427798"},"deprecated":false,"target":{"function":"pdo_stmt_init","file":"ext/pdo/pdo_stmt.c"},"source":"https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d","id":"CVE-2016-9934-f5f6b535"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9934.json","vanir_signatures_modified":"2026-04-11T03:57:09Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}