NULL pointer dereference in PHP session upload progress
|Type||Denial of Service|
|Affected PHP Versions|
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15, and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but
session.upload_progress.cleanup is set to 0 (disabled) and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter a null pointer dereference, which would likely lead to a crash.
session.upload_progress.cleanup INI value to 1 (enabled).
When possible, upgrade to 7.2.28 or above, 7.3.15 or above, or 7.4.3 or above.