|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2008-08-26 22:33 UTC] jani@php.net
[2008-09-03 01:00 UTC] php-bugs at lists dot php dot net
[2008-09-10 23:23 UTC] felipe@php.net
[2008-09-11 14:25 UTC] rrichards@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2026 The PHP GroupAll rights reserved. |
Last updated: Thu Jan 01 07:00:01 2026 UTC |
Description: ------------ If wddx_serialize_value is called on a SimpleXMLElement object that has at least one child, the PHP script enters an infinite loop consuming full CPU and allocating memory until the memory size limit is reached, after which the script dies. Reproduce code: --------------- <? $xml = new SimpleXMLElement('<data></data>'); $xml->addChild('test'); echo wddx_serialize_value($xml, 'Variables'); echo 'hello world'; ?> Expected result: ---------------- To see the WDDX output and 'hello world' :) Actual result: -------------- Potential DoS against web server and this log entry: [Sun Aug 24 06:44:19 2008] [error] [client 127.0.0.1] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 133955606 bytes) in /usr/home/aragon/dev/admin.infinite/test.php on line 5