|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2008-08-26 22:33 UTC] jani@php.net
[2008-09-03 01:00 UTC] php-bugs at lists dot php dot net
[2008-09-10 23:23 UTC] felipe@php.net
[2008-09-11 14:25 UTC] rrichards@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sun Nov 02 02:00:01 2025 UTC |
Description: ------------ If wddx_serialize_value is called on a SimpleXMLElement object that has at least one child, the PHP script enters an infinite loop consuming full CPU and allocating memory until the memory size limit is reached, after which the script dies. Reproduce code: --------------- <? $xml = new SimpleXMLElement('<data></data>'); $xml->addChild('test'); echo wddx_serialize_value($xml, 'Variables'); echo 'hello world'; ?> Expected result: ---------------- To see the WDDX output and 'hello world' :) Actual result: -------------- Potential DoS against web server and this log entry: [Sun Aug 24 06:44:19 2008] [error] [client 127.0.0.1] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 133955606 bytes) in /usr/home/aragon/dev/admin.infinite/test.php on line 5