This security bulletin contains one low risk vulnerability.
CWE-125 - Out-of-bounds read
Exploit availability: NoDescription
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the php_wddx_push_element function in ext/wddx/wddx.c due to out-of-bounds read. A remote attacker can submit an empty boolean element in a wddxPacket XML document and cause the service to crash.
Update the affected package to version: 5.6.29+dfsg-0+deb8u1.Vulnerable software versions
php (Debian package): 5.6.0+dfsg-1 - 5.6.28+dfsg-0+deb8u1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?