CVE-2025-6491
php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
| Publication Date | 2025-07-05 |
|---|---|
| Severity | Low |
| Type | Cross-Site Request Forgery |
| Affected PHP Versions |
|
| Fixed Product Versions |
|
CVE Details
A vulnerability was found in PHP. If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service.
Recommendations
Currently, no mitigation is currently available for this vulnerability.