Description
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
Remediation
References
Related Vulnerabilities
WordPress Plugin Word Balloon Cross-Site Scripting (4.19.2)
WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
PHP Numeric Errors Vulnerability (CVE-2013-7226)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-45809)