Volerion logoVolerion
Volerion logoVolerion

PHP SOAP Server NULL Pointer Dereference Vulnerability in Typemap Decoding

Vulnerability

A NULL pointer dereference vulnerability has been identified in the PHP SOAP server process, specifically in versions 8.2.* prior to 8.2.31, 8.3.* prior to 8.3.31, 8.4.* prior to 8.4.21, and 8.5.* prior to 8.5.6. The issue arises when a SOAP server has a typemap configured, leading to a segmentation fault. This vulnerability allows a remote unauthenticated attacker to crash the PHP SOAP server process, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a segmentation fault caused by a NULL pointer dereference, crashing the PHP SOAP server process and causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first ensure that the PHP SOAP server is running with a typemap configured. Then, send a SOAP request that includes an 'apache:Map' node with a missing '<value>' element. The server will segfault due to the NULL pointer dereference, demonstrating the vulnerability.

Remediation

Users can upgrade to PHP versions 8.2.31, 8.3.31, 8.4.21, or 8.5.6 to address this vulnerability.

Added: May 10, 2026, 5:20 AM
Updated: May 10, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm
spread
9.4
impact
2.5
exploitability
8.2
remediation
7.7
relevance
7.9
threat
6.4
urgency
5.7
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.