Description
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-0205)
WordPress Plugin Popup Like box-Page SQL Injection (3.5.2)
WordPress Plugin BuddyPress Information Disclosure (5.1.1)
Django Incorrect Default Permissions Vulnerability (CVE-2020-24584)