We discovered a vulnerability in php/php-src (the core source code for PHP programming language) if a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service.