The OpenPSA project used
xml_parse_into_struct in an overly permissive manner, via file upload. This can cause a denial of service scenario for certain PHP versions.
Where the Issue Occurred
The code below (found in
/lib/net/nemein/rss/handler/admin.php on line 93 - 94) creates an XML parser and attempts to parse the file provided by the user:
$opml_parser = xml_parser_create(); xml_parse_into_struct($opml_parser, $opml_data, $opml_values);
A denial of service scenario can be created for vulnerable PHP versions, using a specially crafted XML file.
- Issue Reported: 29th May 2018
- Issue Resolved: 30th May 2018
- Blog Post Published: 1st June 2018
- Applied for CVE: 24th June 2018