Filtered by vendor Php
Subscribe
Total
733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9226 | 2 Oniguruma Project, Php | 2 Oniguruma, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | |||||
CVE-2017-9228 | 2 Oniguruma Project, Php | 2 Oniguruma, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | |||||
CVE-2017-12932 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
CVE-2017-12933 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
CVE-2017-16642 | 4 Canonical, Debian, Netapp and 1 more | 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | |||||
CVE-2017-11142 | 1 Php | 1 Php | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | |||||
CVE-2017-9225 | 3 Oniguruma Project, Php, Ruby-lang | 3 Oniguruma, Php, Ruby | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. | |||||
CVE-2018-5711 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | |||||
CVE-2017-12868 | 2 Php, Simplesamlphp | 2 Php, Simplesamlphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | |||||
CVE-2017-11143 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. | |||||
CVE-2017-11144 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. | |||||
CVE-2017-12934 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
CVE-2017-11628 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. | |||||
CVE-2016-9138 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. | |||||
CVE-2016-5873 | 1 Php | 1 Pecl Http | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL. | |||||
CVE-2017-5340 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | |||||
CVE-2016-9137 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. | |||||
CVE-2016-9933 | 2 Libgd, Php | 2 Libgd, Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | |||||
CVE-2014-9912 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. | |||||
CVE-2016-10162 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. |