NULL pointer dereference in PHP session upload progress

Publication Date: 2020-02-04
Severity: Moderate
Type: Denial of Service
Affected PHP Versions:
  • 7.2.0 - 7.2.27
  • 7.3.0 - 7.3.14
  • 7.4.0 - 7.4.2

CVE Details

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15, and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled) and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter a null pointer dereference, which would likely lead to a crash.

Recommendations

Set the session.upload_progress.cleanup INI value to 1 (enabled).

When possible, upgrade to 7.2.28 or above, 7.3.15 or above, or 7.4.3 or above.
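
The check below is an added example, not part of the advisory or of PHP itself: it reports whether the running PHP matches the conditions described above (affected version, upload progress tracking enabled, cleanup disabled). The function names are hypothetical, and it assumes tracking is controlled by the standard session.upload_progress.enabled INI directive, which the advisory does not name.

```php
<?php
// Added example: evaluate the advisory's three conditions for this PHP runtime.
// Run it under the same SAPI that handles uploads (for example FPM or mod_php),
// because the CLI frequently loads a different php.ini.

// First fixed release on each affected branch, as listed in the advisory.
const FIXED_RELEASES = [
    '7.2' => '7.2.28',
    '7.3' => '7.3.15',
    '7.4' => '7.4.3',
];

// True when $version is on an affected branch and below its fixed release.
function is_affected_version(string $version): bool
{
    // Keep only major.minor.patch so distro suffixes do not skew the comparison.
    if (!preg_match('/^((\d+\.\d+)\.\d+)/', $version, $m)) {
        return false; // unparseable version string: not classified
    }
    [, $release, $branch] = $m;
    return array_key_exists($branch, FIXED_RELEASES)
        && version_compare($release, FIXED_RELEASES[$branch], '<');
}

// Read an INI switch as a boolean; a missing directive counts as disabled.
function ini_flag(string $name): bool
{
    $raw = ini_get($name);
    return $raw !== false && filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

$affected = is_affected_version(PHP_VERSION);
$tracking = ini_flag('session.upload_progress.enabled'); // assumed directive, see lead-in
$cleanup  = ini_flag('session.upload_progress.cleanup');

printf("PHP version:                      %s (%s)\n", PHP_VERSION,
    $affected ? 'in affected range' : 'not in affected range');
printf("session.upload_progress.enabled:  %s\n", $tracking ? '1' : '0');
printf("session.upload_progress.cleanup:  %s\n", $cleanup ? '1' : '0');

if ($affected && $tracking && !$cleanup) {
    echo "RESULT: exposed. Set session.upload_progress.cleanup=1 or upgrade.\n";
} elseif ($affected) {
    echo "RESULT: affected version, but the current INI values avoid the crash path. Upgrade when possible.\n";
} else {
    echo "RESULT: this version is outside the affected ranges.\n";
}
```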