diff --git a/docs/rules-v1.json b/docs/rules-v1.json
index 5b1e7503..80923852 100644
--- a/docs/rules-v1.json
+++ b/docs/rules-v1.json
@@ -1,13 +1,13 @@
 {
- "lastUpdatedDate": "2025-04-09T02:38:18+0000",
+ "lastUpdatedDate": "2025-04-24T18:55:25+0000",
 "name": "PHP Version Audit",
 "website": "https://github.com/lightswitch05/php-version-audit",
 "licence": "https://github.com/lightswitch05/php-version-audit/blob/master/LICENSE",
 "source": "https://www.github.developerdan.com/php-version-audit/rules-v1.json",
- "releasesCount": 519,
- "cveCount": 364,
+ "releasesCount": 521,
+ "cveCount": 104,
 "supportVersionsCount": 23,
- "latestVersion": "8.4.5",
+ "latestVersion": "8.4.6",
 "latestVersions": {
 "4": "4.4.9",
 "4.0": "4.0.6",
@@ -29,12 +29,12 @@
 "7.2": "7.2.34",
 "7.3": "7.3.33",
 "7.4": "7.4.33",
- "8": "8.4.5",
+ "8": "8.4.6",
 "8.0": "8.0.30",
 "8.1": "8.1.32",
 "8.2": "8.2.28",
- "8.3": "8.3.19",
- "8.4": "8.4.5"
+ "8.3": "8.3.20",
+ "8.4": "8.4.6"
 },
 "supportEndDates": {
 "3.0": {
@@ -3408,6 +3408,10 @@
 "CVE-2025-1861"
 ]
 },
+ "8.3.20": {
+ "releaseDate": "2025-04-10T00:00:00+0000",
+ "patchedCves": []
+ },
 "8.4.1": {
 "releaseDate": "2024-11-21T00:00:00+0000",
 "patchedCves": []
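Review bot: `cveCount` falls from 364 to 104 in the first hunk while `releasesCount` only rises by two, and both new releases (`8.3.20` here, `8.4.6` in the later hunk) carry `"patchedCves": []`, so about 260 CVE records leave the dataset without any stated reason. The `cves` hunk that follows removes entries starting at `CVE-2006-7243`; if any release's `patchedCves` array elsewhere in the file still names an id that is no longer a key under `cves`, a consumer resolving ids to `baseScore` and `description` would get a miss and could under-report exposure for old PHP versions, which is worth verifying before this is published. If the pruning is intentional, the commit message should say why, and whatever produces this file should probably refuse to write it when `cveCount` drops sharply between runs rather than publish a partial feed.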
@@ -3434,590 +3438,13 @@
 "CVE-2025-1736",
 "CVE-2025-1861"
 ]
+ },
+ "8.4.6": {
+ "releaseDate": "2025-04-10T00:00:00+0000",
+ "patchedCves": []
 }
 },
 "cves": {
- "CVE-2006-7243": {
- "id": "CVE-2006-7243",
- "baseScore": 5,
- "publishedDate": "2011-01-18T20:00:00+0000",
- "lastModifiedDate": "2024-11-21T00:24:00+0000",
- "description": "PHP before 5.3.4 accepts the \\0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\\0.jpg at the end of the argument to the file_exists function."
- },
- "CVE-2007-0455": {
- "id": "CVE-2007-0455",
- "baseScore": 7.5,
- "publishedDate": "2007-01-30T17:28:00+0000",
- "lastModifiedDate": "2024-11-21T00:25:00+0000",
- "description": "Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font."
- },
- "CVE-2007-1001": {
- "id": "CVE-2007-1001",
- "baseScore": 6.8,
- "publishedDate": "2007-04-06T00:19:00+0000",
- "lastModifiedDate": "2024-11-21T00:27:00+0000",
- "description": "Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values."
- },
- "CVE-2007-1887": {
- "id": "CVE-2007-1887",
- "baseScore": 7.5,
- "publishedDate": "2007-04-06T01:19:00+0000",
- "lastModifiedDate": "2024-11-21T00:29:00+0000",
- "description": "Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character."
- },
- "CVE-2007-1900": {
- "id": "CVE-2007-1900",
- "baseScore": 5,
- "publishedDate": "2007-04-10T18:19:00+0000",
- "lastModifiedDate": "2024-11-21T00:29:00+0000",
- "description": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string."
- },
- "CVE-2007-2756": {
- "id": "CVE-2007-2756",
- "baseScore": 4.3,
- "publishedDate": "2007-05-18T18:30:00+0000",
- "lastModifiedDate": "2024-11-21T00:31:00+0000",
- "description": "The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng."
- },
- "CVE-2007-2872": {
- "id": "CVE-2007-2872",
- "baseScore": 6.8,
- "publishedDate": "2007-06-04T17:30:00+0000",
- "lastModifiedDate": "2024-11-21T00:31:00+0000",
- "description": "Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments."
- },
- "CVE-2007-3378": {
- "id": "CVE-2007-3378",
- "baseScore": 6.8,
- "publishedDate": "2007-06-29T18:30:00+0000",
- "lastModifiedDate": "2024-11-21T00:33:00+0000",
- "description": "The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess."
- },
- "CVE-2007-3806": {
- "id": "CVE-2007-3806",
- "baseScore": 6.8,
- "publishedDate": "2007-07-17T00:30:00+0000",
- "lastModifiedDate": "2024-11-21T00:34:00+0000",
- "description": "The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure."
- },
- "CVE-2007-4783": {
- "id": "CVE-2007-4783",
- "baseScore": 5,
- "publishedDate": "2007-09-10T21:17:00+0000",
- "lastModifiedDate": "2024-11-21T00:36:00+0000",
- "description": "The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution."
- },
- "CVE-2007-4840": {
- "id": "CVE-2007-4840",
- "baseScore": 5,
- "publishedDate": "2007-09-12T20:17:00+0000",
- "lastModifiedDate": "2024-11-21T00:36:00+0000",
- "description": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution."
- },
- "CVE-2007-4887": {
- "id": "CVE-2007-4887",
- "baseScore": 4.3,
- "publishedDate": "2007-09-14T00:17:00+0000",
- "lastModifiedDate": "2024-11-21T00:36:00+0000",
- "description": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability."
- },
- "CVE-2008-0599": {
- "id": "CVE-2008-0599",
- "baseScore": 9.8,
- "publishedDate": "2008-05-05T17:20:00+0000",
- "lastModifiedDate": "2024-11-21T00:42:00+0000",
- "description": "The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI."
- },
- "CVE-2008-2371": {
- "id": "CVE-2008-2371",
- "baseScore": 7.5,
- "publishedDate": "2008-07-07T23:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:46:00+0000",
- "description": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches."
- },
- "CVE-2008-2665": {
- "id": "CVE-2008-2665",
- "baseScore": 5,
- "publishedDate": "2008-06-20T01:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:47:00+0000",
- "description": "Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run."
- },
- "CVE-2008-2666": {
- "id": "CVE-2008-2666",
- "baseScore": 5,
- "publishedDate": "2008-06-20T01:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:47:00+0000",
- "description": "Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function."
- },
- "CVE-2008-2829": {
- "id": "CVE-2008-2829",
- "baseScore": 5,
- "publishedDate": "2008-06-23T20:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:47:00+0000",
- "description": "php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an \"rfc822.c legacy routine buffer overflow\" error message, related to the rfc822_write_address function."
- },
- "CVE-2008-3658": {
- "id": "CVE-2008-3658",
- "baseScore": 7.5,
- "publishedDate": "2008-08-15T00:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:49:00+0000",
- "description": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file."
- },
- "CVE-2008-3659": {
- "id": "CVE-2008-3659",
- "baseScore": 6.4,
- "publishedDate": "2008-08-15T00:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:49:00+0000",
- "description": "Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible."
- },
- "CVE-2008-3660": {
- "id": "CVE-2008-3660",
- "baseScore": 5,
- "publishedDate": "2008-08-15T00:41:00+0000",
- "lastModifiedDate": "2024-11-21T00:49:00+0000",
- "description": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php."
- },
- "CVE-2008-5498": {
- "id": "CVE-2008-5498",
- "baseScore": 5,
- "publishedDate": "2008-12-26T20:30:00+0000",
- "lastModifiedDate": "2024-11-21T00:54:00+0000",
- "description": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
- },
- "CVE-2010-0397": {
- "id": "CVE-2010-0397",
- "baseScore": 5,
- "publishedDate": "2010-03-16T19:30:00+0000",
- "lastModifiedDate": "2024-11-21T01:12:00+0000",
- "description": "The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument."
- },
- "CVE-2010-2225": {
- "id": "CVE-2010-2225",
- "baseScore": 7.5,
- "publishedDate": "2010-06-24T12:30:00+0000",
- "lastModifiedDate": "2024-11-21T01:16:00+0000",
- "description": "Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function."
- },
- "CVE-2010-2484": {
- "id": "CVE-2010-2484",
- "baseScore": 5,
- "publishedDate": "2010-08-20T22:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:16:00+0000",
- "description": "The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler."
- },
- "CVE-2010-2531": {
- "id": "CVE-2010-2531",
- "baseScore": 4.3,
- "publishedDate": "2010-08-20T22:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:16:00+0000",
- "description": "The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion."
- },
- "CVE-2010-2950": {
- "id": "CVE-2010-2950",
- "baseScore": 6.8,
- "publishedDate": "2010-09-28T18:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:17:00+0000",
- "description": "Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094."
- },
- "CVE-2010-3436": {
- "id": "CVE-2010-3436",
- "baseScore": 5,
- "publishedDate": "2010-11-09T01:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:18:00+0000",
- "description": "fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename."
- },
- "CVE-2010-3709": {
- "id": "CVE-2010-3709",
- "baseScore": 4.3,
- "publishedDate": "2010-11-09T01:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:19:00+0000",
- "description": "The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive."
- },
- "CVE-2010-3710": {
- "id": "CVE-2010-3710",
- "baseScore": 4.3,
- "publishedDate": "2010-10-25T20:01:00+0000",
- "lastModifiedDate": "2024-11-21T01:19:00+0000",
- "description": "Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string."
- },
- "CVE-2010-3870": {
- "id": "CVE-2010-3870",
- "baseScore": 6.8,
- "publishedDate": "2010-11-12T21:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:19:00+0000",
- "description": "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string."
- },
- "CVE-2010-4150": {
- "id": "CVE-2010-4150",
- "baseScore": 5,
- "publishedDate": "2010-12-07T22:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:20:00+0000",
- "description": "Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors."
- },
- "CVE-2010-4156": {
- "id": "CVE-2010-4156",
- "baseScore": 5,
- "publishedDate": "2010-11-10T03:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:20:00+0000",
- "description": "The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter)."
- },
- "CVE-2010-4409": {
- "id": "CVE-2010-4409",
- "baseScore": 5,
- "publishedDate": "2010-12-06T20:13:00+0000",
- "lastModifiedDate": "2024-11-21T01:20:00+0000",
- "description": "Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument."
- },
- "CVE-2010-4645": {
- "id": "CVE-2010-4645",
- "baseScore": 5,
- "publishedDate": "2011-01-11T03:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:21:00+0000",
- "description": "strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308."
- },
- "CVE-2011-0421": {
- "id": "CVE-2011-0421",
- "baseScore": 4.3,
- "publishedDate": "2011-03-20T02:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:23:00+0000",
- "description": "The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation."
- },
- "CVE-2011-0708": {
- "id": "CVE-2011-0708",
- "baseScore": 4.3,
- "publishedDate": "2011-03-20T02:00:00+0000",
- "lastModifiedDate": "2024-11-21T01:24:00+0000",
- "description": "exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read."
- },
- "CVE-2011-1092": {
- "id": "CVE-2011-1092",
- "baseScore": 7.5,
- "publishedDate": "2011-03-15T17:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:25:00+0000",
- "description": "Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function."
- },
- "CVE-2011-1148": {
- "id": "CVE-2011-1148",
- "baseScore": 7.5,
- "publishedDate": "2011-03-18T15:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:25:00+0000",
- "description": "Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments."
- },
- "CVE-2011-1153": {
- "id": "CVE-2011-1153",
- "baseScore": 7.5,
- "publishedDate": "2011-03-16T22:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:25:00+0000",
- "description": "Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call."
- },
- "CVE-2011-1938": {
- "id": "CVE-2011-1938",
- "baseScore": 7.5,
- "publishedDate": "2011-05-31T20:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:27:00+0000",
- "description": "Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket."
- },
- "CVE-2011-2202": {
- "id": "CVE-2011-2202",
- "baseScore": 6.4,
- "publishedDate": "2011-06-16T23:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:27:00+0000",
- "description": "The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a \"file path injection vulnerability.\""
- },
- "CVE-2011-2483": {
- "id": "CVE-2011-2483",
- "baseScore": 5,
- "publishedDate": "2011-08-25T14:22:00+0000",
- "lastModifiedDate": "2024-11-21T01:28:00+0000",
- "description": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash."
- },
- "CVE-2011-3389": {
- "id": "CVE-2011-3389",
- "baseScore": 4.3,
- "publishedDate": "2011-09-06T19:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:30:00+0000",
- "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
- },
- "CVE-2011-4153": {
- "id": "CVE-2011-4153",
- "baseScore": 5,
- "publishedDate": "2012-01-18T20:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:31:00+0000",
- "description": "PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c."
- },
- "CVE-2011-4718": {
- "id": "CVE-2011-4718",
- "baseScore": 6.8,
- "publishedDate": "2013-08-13T15:04:00+0000",
- "lastModifiedDate": "2024-11-21T01:32:00+0000",
- "description": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."
- },
- "CVE-2012-0830": {
- "id": "CVE-2012-0830",
- "baseScore": 7.5,
- "publishedDate": "2012-02-06T20:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:35:00+0000",
- "description": "The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885."
- },
- "CVE-2012-1172": {
- "id": "CVE-2012-1172",
- "baseScore": 5.8,
- "publishedDate": "2012-05-24T00:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:36:00+0000",
- "description": "The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions."
- },
- "CVE-2012-1823": {
- "id": "CVE-2012-1823",
- "baseScore": 9.8,
- "publishedDate": "2012-05-11T10:15:00+0000",
- "lastModifiedDate": "2025-02-19T19:45:00+0000",
- "description": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case."
- },
- "CVE-2012-2143": {
- "id": "CVE-2012-2143",
- "baseScore": 4.3,
- "publishedDate": "2012-07-05T14:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:38:00+0000",
- "description": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
- },
- "CVE-2012-2311": {
- "id": "CVE-2012-2311",
- "baseScore": 7.5,
- "publishedDate": "2012-05-11T10:15:00+0000",
- "lastModifiedDate": "2024-11-21T01:38:00+0000",
- "description": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
- },
- "CVE-2012-2329": {
- "id": "CVE-2012-2329",
- "baseScore": 5,
- "publishedDate": "2012-05-11T10:15:00+0000",
- "lastModifiedDate": "2024-11-21T01:38:00+0000",
- "description": "Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request."
- },
- "CVE-2012-2386": {
- "id": "CVE-2012-2386",
- "baseScore": 7.5,
- "publishedDate": "2012-07-07T10:21:00+0000",
- "lastModifiedDate": "2024-11-21T01:38:00+0000",
- "description": "Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow."
- },
- "CVE-2012-2688": {
- "id": "CVE-2012-2688",
- "baseScore": 10,
- "publishedDate": "2012-07-20T10:40:00+0000",
- "lastModifiedDate": "2024-11-21T01:39:00+0000",
- "description": "Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an \"overflow.\""
- },
- "CVE-2012-3365": {
- "id": "CVE-2012-3365",
- "baseScore": 5,
- "publishedDate": "2012-07-20T10:40:00+0000",
- "lastModifiedDate": "2024-11-21T01:40:00+0000",
- "description": "The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors."
- },
- "CVE-2012-3450": {
- "id": "CVE-2012-3450",
- "baseScore": 2.6,
- "publishedDate": "2012-08-06T16:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:40:00+0000",
- "description": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
- },
- "CVE-2013-1635": {
- "id": "CVE-2013-1635",
- "baseScore": 7.5,
- "publishedDate": "2013-03-06T13:10:00+0000",
- "lastModifiedDate": "2024-11-21T01:50:00+0000",
- "description": "ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory."
- },
- "CVE-2013-1643": {
- "id": "CVE-2013-1643",
- "baseScore": 5,
- "publishedDate": "2013-03-06T13:10:00+0000",
- "lastModifiedDate": "2024-11-21T01:50:00+0000",
- "description": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824."
- },
- "CVE-2013-1824": {
- "id": "CVE-2013-1824",
- "baseScore": 4.3,
- "publishedDate": "2013-09-16T13:02:00+0000",
- "lastModifiedDate": "2024-11-21T01:50:00+0000",
- "description": "The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions."
- },
- "CVE-2013-2110": {
- "id": "CVE-2013-2110",
- "baseScore": 5,
- "publishedDate": "2013-06-21T20:55:00+0000",
- "lastModifiedDate": "2024-11-21T01:51:00+0000",
- "description": "Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function."
- },
- "CVE-2013-4113": {
- "id": "CVE-2013-4113",
- "baseScore": 6.8,
- "publishedDate": "2013-07-13T13:10:00+0000",
- "lastModifiedDate": "2024-11-21T01:54:00+0000",
- "description": "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function."
- },
- "CVE-2013-4248": {
- "id": "CVE-2013-4248",
- "baseScore": 4.3,
- "publishedDate": "2013-08-18T02:52:00+0000",
- "lastModifiedDate": "2024-11-21T01:55:00+0000",
- "description": "The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
- },
- "CVE-2013-6420": {
- "id": "CVE-2013-6420",
- "baseScore": 7.5,
- "publishedDate": "2013-12-17T04:46:00+0000",
- "lastModifiedDate": "2024-11-21T01:59:00+0000",
- "description": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function."
- }, - "CVE-2013-6712": { - "id": "CVE-2013-6712", - "baseScore": 5, - "publishedDate": "2013-11-28T04:37:00+0000", - "lastModifiedDate": "2024-11-21T01:59:00+0000", - "description": "The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification." - }, - "CVE-2013-7226": { - "id": "CVE-2013-7226", - "baseScore": 6.8, - "publishedDate": "2014-02-18T11:55:00+0000", - "lastModifiedDate": "2024-11-21T02:00:00+0000", - "description": "Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow." - }, - "CVE-2013-7327": { - "id": "CVE-2013-7327", - "baseScore": 6.8, - "publishedDate": "2014-02-18T11:55:00+0000", - "lastModifiedDate": "2024-11-21T02:00:00+0000", - "description": "The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226." 
- }, - "CVE-2013-7345": { - "id": "CVE-2013-7345", - "baseScore": 5, - "publishedDate": "2014-03-24T16:31:00+0000", - "lastModifiedDate": "2024-11-21T02:00:00+0000", - "description": "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters." - }, - "CVE-2013-7456": { - "id": "CVE-2013-7456", - "baseScore": 7.6, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function." - }, - "CVE-2014-0185": { - "id": "CVE-2014-0185", - "baseScore": 7.2, - "publishedDate": "2014-05-06T10:44:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client." - }, - "CVE-2014-0207": { - "id": "CVE-2014-0207", - "baseScore": 4.3, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file." 
- }, - "CVE-2014-0236": { - "id": "CVE-2014-0236", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c." - }, - "CVE-2014-0237": { - "id": "CVE-2014-0237", - "baseScore": 5, - "publishedDate": "2014-06-01T04:29:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls." - }, - "CVE-2014-0238": { - "id": "CVE-2014-0238", - "baseScore": 5, - "publishedDate": "2014-06-01T04:29:00+0000", - "lastModifiedDate": "2024-11-21T02:01:00+0000", - "description": "The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long." - }, - "CVE-2014-1943": { - "id": "CVE-2014-1943", - "baseScore": 5, - "publishedDate": "2014-02-18T19:55:00+0000", - "lastModifiedDate": "2024-11-21T02:05:00+0000", - "description": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file." 
- }, - "CVE-2014-2270": { - "id": "CVE-2014-2270", - "baseScore": 4.3, - "publishedDate": "2014-03-14T15:55:00+0000", - "lastModifiedDate": "2024-11-21T02:05:00+0000", - "description": "softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable." - }, - "CVE-2014-2497": { - "id": "CVE-2014-2497", - "baseScore": 4.3, - "publishedDate": "2014-03-21T14:55:00+0000", - "lastModifiedDate": "2024-11-21T02:06:00+0000", - "description": "The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file." - }, - "CVE-2014-3478": { - "id": "CVE-2014-3478", - "baseScore": 5, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion." - }, - "CVE-2014-3479": { - "id": "CVE-2014-3479", - "baseScore": 4.3, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file." 
- }, - "CVE-2014-3480": { - "id": "CVE-2014-3480", - "baseScore": 4.3, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file." - }, - "CVE-2014-3487": { - "id": "CVE-2014-3487", - "baseScore": 4.3, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file." - }, - "CVE-2014-3515": { - "id": "CVE-2014-3515", - "baseScore": 7.5, - "publishedDate": "2014-07-09T11:07:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage." - }, - "CVE-2014-3538": { - "id": "CVE-2014-3538", - "baseScore": 5, - "publishedDate": "2014-07-03T14:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345." - }, - "CVE-2014-3587": { - "id": "CVE-2014-3587", - "baseScore": 4.3, - "publishedDate": "2014-08-23T01:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571." - }, - "CVE-2014-3597": { - "id": "CVE-2014-3597", - "baseScore": 6.8, - "publishedDate": "2014-08-23T01:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049." - }, "CVE-2014-3622": { "id": "CVE-2014-3622", "baseScore": 9.8, 
@@ -4025,181 +3452,6 @@ "lastModifiedDate": "2024-11-21T02:08:00+0000", "description": "Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value." }, - "CVE-2014-3668": { - "id": "CVE-2014-3668", - "baseScore": 5, - "publishedDate": "2014-10-29T10:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation." - }, - "CVE-2014-3669": { - "id": "CVE-2014-3669", - "baseScore": 7.5, - "publishedDate": "2014-10-29T10:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value." 
- }, - "CVE-2014-3670": { - "id": "CVE-2014-3670", - "baseScore": 6.8, - "publishedDate": "2014-10-29T10:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function." - }, - "CVE-2014-3710": { - "id": "CVE-2014-3710", - "baseScore": 5, - "publishedDate": "2014-11-05T11:55:00+0000", - "lastModifiedDate": "2024-11-21T02:08:00+0000", - "description": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file." - }, - "CVE-2014-3981": { - "id": "CVE-2014-3981", - "baseScore": 3.3, - "publishedDate": "2014-06-08T18:55:00+0000", - "lastModifiedDate": "2024-11-21T02:09:00+0000", - "description": "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file." - }, - "CVE-2014-4049": { - "id": "CVE-2014-4049", - "baseScore": 5.1, - "publishedDate": "2014-06-18T19:55:00+0000", - "lastModifiedDate": "2024-11-21T02:09:00+0000", - "description": "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function." 
- }, - "CVE-2014-4670": { - "id": "CVE-2014-4670", - "baseScore": 4.6, - "publishedDate": "2014-07-10T11:06:00+0000", - "lastModifiedDate": "2024-11-21T02:10:00+0000", - "description": "Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments." - }, - "CVE-2014-4698": { - "id": "CVE-2014-4698", - "baseScore": 4.6, - "publishedDate": "2014-07-10T11:06:00+0000", - "lastModifiedDate": "2024-11-21T02:10:00+0000", - "description": "Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments." - }, - "CVE-2014-4721": { - "id": "CVE-2014-4721", - "baseScore": 2.6, - "publishedDate": "2014-07-06T23:55:00+0000", - "lastModifiedDate": "2024-11-21T02:10:00+0000", - "description": "The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a \"type confusion\" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php." 
- }, - "CVE-2014-5120": { - "id": "CVE-2014-5120", - "baseScore": 6.4, - "publishedDate": "2014-08-23T01:55:00+0000", - "lastModifiedDate": "2024-11-21T02:11:00+0000", - "description": "gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function." - }, - "CVE-2014-8142": { - "id": "CVE-2014-8142", - "baseScore": 7.5, - "publishedDate": "2014-12-20T11:59:00+0000", - "lastModifiedDate": "2024-11-21T02:18:00+0000", - "description": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019." - }, - "CVE-2014-9425": { - "id": "CVE-2014-9425", - "baseScore": 7.5, - "publishedDate": "2014-12-31T02:59:00+0000", - "lastModifiedDate": "2024-11-21T02:20:00+0000", - "description": "Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." 
- }, - "CVE-2014-9427": { - "id": "CVE-2014-9427", - "baseScore": 7.5, - "publishedDate": "2015-01-03T02:59:00+0000", - "lastModifiedDate": "2024-11-21T02:20:00+0000", - "description": "sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping." - }, - "CVE-2014-9652": { - "id": "CVE-2014-9652", - "baseScore": 5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:21:00+0000", - "description": "The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file." - }, - "CVE-2014-9705": { - "id": "CVE-2014-9705", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:21:00+0000", - "description": "Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries." 
- }, - "CVE-2014-9709": { - "id": "CVE-2014-9709", - "baseScore": 5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:21:00+0000", - "description": "The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function." - }, - "CVE-2014-9767": { - "id": "CVE-2014-9767", - "baseScore": 4.3, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:21:00+0000", - "description": "Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive." - }, - "CVE-2015-0231": { - "id": "CVE-2015-0231", - "baseScore": 7.5, - "publishedDate": "2015-01-27T20:03:00+0000", - "lastModifiedDate": "2024-11-21T02:22:00+0000", - "description": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142." 
- }, - "CVE-2015-0232": { - "id": "CVE-2015-0232", - "baseScore": 6.8, - "publishedDate": "2015-01-27T20:04:00+0000", - "lastModifiedDate": "2024-11-21T02:22:00+0000", - "description": "The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image." - }, - "CVE-2015-0235": { - "id": "CVE-2015-0235", - "baseScore": 10, - "publishedDate": "2015-01-28T19:59:00+0000", - "lastModifiedDate": "2024-11-21T02:22:00+0000", - "description": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"" - }, - "CVE-2015-0273": { - "id": "CVE-2015-0273", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:22:00+0000", - "description": "Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function." - }, - "CVE-2015-1351": { - "id": "CVE-2015-1351", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:25:00+0000", - "description": "Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." 
- }, - "CVE-2015-1352": { - "id": "CVE-2015-1352", - "baseScore": 5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:25:00+0000", - "description": "The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name." - }, - "CVE-2015-2301": { - "id": "CVE-2015-2301", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:27:00+0000", - "description": "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file." - }, - "CVE-2015-2305": { - "id": "CVE-2015-2305", - "baseScore": 6.8, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:27:00+0000", - "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow." - }, "CVE-2015-2325": { "id": "CVE-2015-2325", "baseScore": 7.8, 
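Review bot: The records dropped from `cves` in this hunk (CVE-2014-3668 through CVE-2015-2305, among them CVE-2015-0235 with `baseScore` 10) disappear while neighbours of the same age such as CVE-2014-3622 and CVE-2015-2325 stay, which looks more like an incomplete upstream response than deliberate pruning. Nothing in this hunk shows the per-release `patchedCves` lists being trimmed to match, so ids there may now point at records that no longer exist, and an audit would then report them without score or description, or not at all. If the removal is unintended, restore the entries. Either way, the step that writes this file should refuse to publish when the number of `cves` records shrinks, and consumers should treat a `patchedCves` id with no matching `cves` record as an error rather than skipping it.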
@@ -4214,1070 +3466,6 @@ "lastModifiedDate": "2024-11-21T02:27:00+0000", "description": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"." }, - "CVE-2015-2331": { - "id": "CVE-2015-2331", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:27:00+0000", - "description": "Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow." - }, - "CVE-2015-2348": { - "id": "CVE-2015-2348", - "baseScore": 5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:27:00+0000", - "description": "The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \\x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243." 
- }, - "CVE-2015-2783": { - "id": "CVE-2015-2783", - "baseScore": 5.8, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:28:00+0000", - "description": "ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions." - }, - "CVE-2015-2787": { - "id": "CVE-2015-2787", - "baseScore": 7.5, - "publishedDate": "2015-03-30T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:28:00+0000", - "description": "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231." - }, - "CVE-2015-3152": { - "id": "CVE-2015-3152", - "baseScore": 5.9, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:28:00+0000", - "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack." 
- }, - "CVE-2015-3307": { - "id": "CVE-2015-3307", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive." - }, - "CVE-2015-3329": { - "id": "CVE-2015-3329", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive." - }, - "CVE-2015-3330": { - "id": "CVE-2015-3330", - "baseScore": 6.8, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"" - }, - "CVE-2015-3411": { - "id": "CVE-2015-3411", - "baseScore": 6.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file 
function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files." - }, - "CVE-2015-3412": { - "id": "CVE-2015-3412", - "baseScore": 5.3, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension." - }, - "CVE-2015-3414": { - "id": "CVE-2015-3414", - "baseScore": 7.5, - "publishedDate": "2015-04-24T17:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement." - }, - "CVE-2015-3415": { - "id": "CVE-2015-3415", - "baseScore": 7.5, - "publishedDate": "2015-04-24T17:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement." 
- }, - "CVE-2015-3416": { - "id": "CVE-2015-3416", - "baseScore": 7.5, - "publishedDate": "2015-04-24T17:59:00+0000", - "lastModifiedDate": "2024-11-21T02:29:00+0000", - "description": "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement." - }, - "CVE-2015-4021": { - "id": "CVE-2015-4021", - "baseScore": 5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive." - }, - "CVE-2015-4022": { - "id": "CVE-2015-4022", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow." 
- }, - "CVE-2015-4024": { - "id": "CVE-2015-4024", - "baseScore": 5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome." - }, - "CVE-2015-4025": { - "id": "CVE-2015-4025", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243." - }, - "CVE-2015-4026": { - "id": "CVE-2015-4026", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243." 
- }, - "CVE-2015-4147": { - "id": "CVE-2015-4147", - "baseScore": 7.5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a \"type confusion\" issue." - }, - "CVE-2015-4148": { - "id": "CVE-2015-4148", - "baseScore": 5, - "publishedDate": "2015-06-09T18:59:00+0000", - "lastModifiedDate": "2024-11-21T02:30:00+0000", - "description": "The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue." - }, - "CVE-2015-4598": { - "id": "CVE-2015-4598", - "baseScore": 6.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files." 
- }, - "CVE-2015-4599": { - "id": "CVE-2015-4599", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue." - }, - "CVE-2015-4604": { - "id": "CVE-2015-4604", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule." - }, - "CVE-2015-4605": { - "id": "CVE-2015-4605", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule." 
- }, - "CVE-2015-4642": { - "id": "CVE-2015-4642", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function." - }, - "CVE-2015-4643": { - "id": "CVE-2015-4643", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022." - }, - "CVE-2015-4644": { - "id": "CVE-2015-4644", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:31:00+0000", - "description": "The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352." 
- }, - "CVE-2015-5589": { - "id": "CVE-2015-5589", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:33:00+0000", - "description": "The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call." - }, - "CVE-2015-5590": { - "id": "CVE-2015-5590", - "baseScore": 7.3, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:33:00+0000", - "description": "Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension." - }, - "CVE-2015-6831": { - "id": "CVE-2015-6831", - "baseScore": 7.3, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization." 
- }, - "CVE-2015-6832": { - "id": "CVE-2015-6832", - "baseScore": 7.3, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field." - }, - "CVE-2015-6833": { - "id": "CVE-2015-6833", - "baseScore": 7.5, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call." - }, - "CVE-2015-6834": { - "id": "CVE-2015-6834", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization." - }, - "CVE-2015-6835": { - "id": "CVE-2015-6835", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content." 
- }, - "CVE-2015-6836": { - "id": "CVE-2015-6836", - "baseScore": 7.3, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function." - }, - "CVE-2015-6837": { - "id": "CVE-2015-6837", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838." - }, - "CVE-2015-6838": { - "id": "CVE-2015-6838", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:35:00+0000", - "description": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837." 
- }, - "CVE-2015-7803": { - "id": "CVE-2015-7803", - "baseScore": 6.8, - "publishedDate": "2015-12-11T12:00:00+0000", - "lastModifiedDate": "2024-11-21T02:37:00+0000", - "description": "The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist." - }, - "CVE-2015-7804": { - "id": "CVE-2015-7804", - "baseScore": 6.8, - "publishedDate": "2015-12-11T12:00:00+0000", - "lastModifiedDate": "2024-11-21T02:37:00+0000", - "description": "Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive." - }, - "CVE-2015-8383": { - "id": "CVE-2015-8383", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2015-8386": { - "id": "CVE-2015-8386", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." 
- }, - "CVE-2015-8387": { - "id": "CVE-2015-8387", - "baseScore": 7.3, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2015-8389": { - "id": "CVE-2015-8389", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2015-8390": { - "id": "CVE-2015-8390", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2015-8391": { - "id": "CVE-2015-8391", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." 
- }, - "CVE-2015-8393": { - "id": "CVE-2015-8393", - "baseScore": 7.5, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client." - }, - "CVE-2015-8394": { - "id": "CVE-2015-8394", - "baseScore": 9.8, - "publishedDate": "2015-12-02T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2015-8616": { - "id": "CVE-2015-8616", - "baseScore": 8.6, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array." - }, - "CVE-2015-8617": { - "id": "CVE-2015-8617", - "baseScore": 9.8, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:38:00+0000", - "description": "Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling." 
- }, - "CVE-2015-8865": { - "id": "CVE-2015-8865", - "baseScore": 7.3, - "publishedDate": "2016-05-20T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:39:00+0000", - "description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file." - }, - "CVE-2015-8866": { - "id": "CVE-2015-8866", - "baseScore": 9.6, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:39:00+0000", - "description": "ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161." - }, - "CVE-2015-8867": { - "id": "CVE-2015-8867", - "baseScore": 7.5, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:39:00+0000", - "description": "The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors." - }, - "CVE-2015-8874": { - "id": "CVE-2015-8874", - "baseScore": 7.5, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:39:00+0000", - "description": "Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call." 
- }, - "CVE-2015-8879": { - "id": "CVE-2015-8879", - "baseScore": 7.5, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:39:00+0000", - "description": "The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table." - }, - "CVE-2016-1283": { - "id": "CVE-2016-1283", - "baseScore": 9.8, - "publishedDate": "2016-01-03T00:59:00+0000", - "lastModifiedDate": "2024-11-21T02:46:00+0000", - "description": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\\){97)?J)?J)(?'R'(?'R'\\){99|(:(?|(?'R')(\\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - }, - "CVE-2016-1903": { - "id": "CVE-2016-1903", - "baseScore": 9.1, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:47:00+0000", - "description": "The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function." 
- }, - "CVE-2016-1904": { - "id": "CVE-2016-1904", - "baseScore": 7.3, - "publishedDate": "2016-01-19T05:59:00+0000", - "lastModifiedDate": "2024-11-21T02:47:00+0000", - "description": "Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow." - }, - "CVE-2016-2554": { - "id": "CVE-2016-2554", - "baseScore": 9.8, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:48:00+0000", - "description": "Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive." - }, - "CVE-2016-3074": { - "id": "CVE-2016-3074", - "baseScore": 9.8, - "publishedDate": "2016-04-26T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:49:00+0000", - "description": "Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow." - }, - "CVE-2016-3078": { - "id": "CVE-2016-3078", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:49:00+0000", - "description": "Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class." 
- }, - "CVE-2016-3185": { - "id": "CVE-2016-3185", - "baseScore": 7.1, - "publishedDate": "2016-05-16T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:49:00+0000", - "description": "The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c." - }, - "CVE-2016-4070": { - "id": "CVE-2016-4070", - "baseScore": 7.5, - "publishedDate": "2016-05-20T11:00:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says \"Not sure if this qualifies as security issue (probably not)." - }, - "CVE-2016-4071": { - "id": "CVE-2016-4071", - "baseScore": 9.8, - "publishedDate": "2016-05-20T11:00:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call." - }, - "CVE-2016-4072": { - "id": "CVE-2016-4072", - "baseScore": 9.8, - "publishedDate": "2016-05-20T11:00:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \\0 characters by the phar_analyze_path function in ext/phar/phar.c." 
- }, - "CVE-2016-4073": { - "id": "CVE-2016-4073", - "baseScore": 9.8, - "publishedDate": "2016-05-20T11:00:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call." - }, - "CVE-2016-4342": { - "id": "CVE-2016-4342", - "baseScore": 8.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive." - }, - "CVE-2016-4343": { - "id": "CVE-2016-4343", - "baseScore": 8.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive." - }, - "CVE-2016-4344": { - "id": "CVE-2016-4344", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow." 
- }, - "CVE-2016-4345": { - "id": "CVE-2016-4345", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow." - }, - "CVE-2016-4346": { - "id": "CVE-2016-4346", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:51:00+0000", - "description": "Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow." - }, - "CVE-2016-4473": { - "id": "CVE-2016-4473", - "baseScore": 9.8, - "publishedDate": "2017-06-08T20:29:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833." - }, - "CVE-2016-4537": { - "id": "CVE-2016-4537", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call." 
- }, - "CVE-2016-4538": { - "id": "CVE-2016-4538", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call." - }, - "CVE-2016-4539": { - "id": "CVE-2016-4539", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero." - }, - "CVE-2016-4540": { - "id": "CVE-2016-4540", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset." - }, - "CVE-2016-4541": { - "id": "CVE-2016-4541", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset." 
- }, - "CVE-2016-4542": { - "id": "CVE-2016-4542", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data." - }, - "CVE-2016-4543": { - "id": "CVE-2016-4543", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data." - }, - "CVE-2016-4544": { - "id": "CVE-2016-4544", - "baseScore": 9.8, - "publishedDate": "2016-05-22T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:52:00+0000", - "description": "The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data." 
- }, - "CVE-2016-5093": { - "id": "CVE-2016-5093", - "baseScore": 8.6, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:53:00+0000", - "description": "The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call." - }, - "CVE-2016-5094": { - "id": "CVE-2016-5094", - "baseScore": 8.6, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:53:00+0000", - "description": "Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function." - }, - "CVE-2016-5096": { - "id": "CVE-2016-5096", - "baseScore": 8.6, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:53:00+0000", - "description": "Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument." 
- }, - "CVE-2016-5114": { - "id": "CVE-2016-5114", - "baseScore": 9.1, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:53:00+0000", - "description": "sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging." - }, - "CVE-2016-5385": { - "id": "CVE-2016-5385", - "baseScore": 8.1, - "publishedDate": "2016-07-19T02:00:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue." - }, - "CVE-2016-5399": { - "id": "CVE-2016-5399", - "baseScore": 7.8, - "publishedDate": "2017-04-21T20:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive." 
- }, - "CVE-2016-5766": { - "id": "CVE-2016-5766", - "baseScore": 8.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image." - }, - "CVE-2016-5767": { - "id": "CVE-2016-5767", - "baseScore": 8.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions." - }, - "CVE-2016-5768": { - "id": "CVE-2016-5768", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception." 
- }, - "CVE-2016-5769": { - "id": "CVE-2016-5769", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions." - }, - "CVE-2016-5770": { - "id": "CVE-2016-5770", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096." - }, - "CVE-2016-5771": { - "id": "CVE-2016-5771", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data." 
- }, - "CVE-2016-5772": { - "id": "CVE-2016-5772", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call." - }, - "CVE-2016-5773": { - "id": "CVE-2016-5773", - "baseScore": 9.8, - "publishedDate": "2016-08-07T10:59:00+0000", - "lastModifiedDate": "2024-11-21T02:54:00+0000", - "description": "php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object." - }, - "CVE-2016-6207": { - "id": "CVE-2016-6207", - "baseScore": 6.5, - "publishedDate": "2016-08-12T15:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors." - }, - "CVE-2016-6288": { - "id": "CVE-2016-6288", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type." 
- }, - "CVE-2016-6289": { - "id": "CVE-2016-6289", - "baseScore": 7.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive." - }, - "CVE-2016-6290": { - "id": "CVE-2016-6290", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization." - }, - "CVE-2016-6291": { - "id": "CVE-2016-6291", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image." - }, - "CVE-2016-6292": { - "id": "CVE-2016-6292", - "baseScore": 6.5, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image." 
- }, - "CVE-2016-6294": { - "id": "CVE-2016-6294", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument." - }, - "CVE-2016-6295": { - "id": "CVE-2016-6295", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773." - }, - "CVE-2016-6296": { - "id": "CVE-2016-6296", - "baseScore": 9.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function." 
- }, - "CVE-2016-6297": { - "id": "CVE-2016-6297", - "baseScore": 8.8, - "publishedDate": "2016-07-25T14:59:00+0000", - "lastModifiedDate": "2024-11-21T02:55:00+0000", - "description": "Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL." - }, - "CVE-2016-7124": { - "id": "CVE-2016-7124", - "baseScore": 9.8, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call." - }, - "CVE-2016-7125": { - "id": "CVE-2016-7125", - "baseScore": 7.5, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection." - }, - "CVE-2016-7126": { - "id": "CVE-2016-7126", - "baseScore": 9.8, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument." 
- }, - "CVE-2016-7127": { - "id": "CVE-2016-7127", - "baseScore": 9.8, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments." - }, - "CVE-2016-7128": { - "id": "CVE-2016-7128", - "baseScore": 5.3, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image." - }, - "CVE-2016-7129": { - "id": "CVE-2016-7129", - "baseScore": 9.8, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document." 
- }, - "CVE-2016-7130": { - "id": "CVE-2016-7130", - "baseScore": 7.5, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document." - }, - "CVE-2016-7131": { - "id": "CVE-2016-7131", - "baseScore": 7.5, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character." - }, - "CVE-2016-7132": { - "id": "CVE-2016-7132", - "baseScore": 7.5, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing." 
- }, - "CVE-2016-7133": { - "id": "CVE-2016-7133", - "baseScore": 8.1, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname." - }, - "CVE-2016-7134": { - "id": "CVE-2016-7134", - "baseScore": 9.8, - "publishedDate": "2016-09-12T01:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call." - }, - "CVE-2016-7411": { - "id": "CVE-2016-7411", - "baseScore": 9.8, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object." - }, - "CVE-2016-7412": { - "id": "CVE-2016-7412", - "baseScore": 8.1, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata." 
- }, - "CVE-2016-7413": { - "id": "CVE-2016-7413", - "baseScore": 9.8, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call." - }, - "CVE-2016-7414": { - "id": "CVE-2016-7414", - "baseScore": 9.8, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c." - }, - "CVE-2016-7416": { - "id": "CVE-2016-7416", - "baseScore": 7.5, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument." 
- }, - "CVE-2016-7417": { - "id": "CVE-2016-7417", - "baseScore": 9.8, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data." - }, - "CVE-2016-7418": { - "id": "CVE-2016-7418", - "baseScore": 7.5, - "publishedDate": "2016-09-17T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:57:00+0000", - "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call." - }, - "CVE-2016-7479": { - "id": "CVE-2016-7479", - "baseScore": 9.8, - "publishedDate": "2017-01-12T00:59:00+0000", - "lastModifiedDate": "2024-11-21T02:58:00+0000", - "description": "In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution." - }, - "CVE-2016-9933": { - "id": "CVE-2016-9933", - "baseScore": 7.5, - "publishedDate": "2017-01-04T20:59:00+0000", - "lastModifiedDate": "2024-11-21T03:02:00+0000", - "description": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value." 
- }, - "CVE-2016-9934": { - "id": "CVE-2016-9934", - "baseScore": 7.5, - "publishedDate": "2017-01-04T20:59:00+0000", - "lastModifiedDate": "2024-11-21T03:02:00+0000", - "description": "ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string." - }, - "CVE-2016-9935": { - "id": "CVE-2016-9935", - "baseScore": 9.8, - "publishedDate": "2017-01-04T20:59:00+0000", - "lastModifiedDate": "2024-11-21T03:02:00+0000", - "description": "The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document." - }, - "CVE-2016-9936": { - "id": "CVE-2016-9936", - "baseScore": 9.8, - "publishedDate": "2017-01-04T20:59:00+0000", - "lastModifiedDate": "2024-11-21T03:02:00+0000", - "description": "The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834." - }, - "CVE-2016-10158": { - "id": "CVE-2016-10158", - "baseScore": 7.5, - "publishedDate": "2017-01-24T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1." 
- }, - "CVE-2016-10159": { - "id": "CVE-2016-10159", - "baseScore": 7.5, - "publishedDate": "2017-01-24T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive." - }, - "CVE-2016-10160": { - "id": "CVE-2016-10160", - "baseScore": 9.8, - "publishedDate": "2017-01-24T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch." - }, - "CVE-2016-10161": { - "id": "CVE-2016-10161", - "baseScore": 7.5, - "publishedDate": "2017-01-24T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call." - }, - "CVE-2016-10162": { - "id": "CVE-2016-10162", - "baseScore": 7.5, - "publishedDate": "2017-01-24T21:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call." 
- }, - "CVE-2016-10166": { - "id": "CVE-2016-10166", - "baseScore": 9.8, - "publishedDate": "2017-03-15T15:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable." - }, - "CVE-2016-10167": { - "id": "CVE-2016-10167", - "baseScore": 5.5, - "publishedDate": "2017-03-15T15:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file." - }, - "CVE-2016-10168": { - "id": "CVE-2016-10168", - "baseScore": 7.8, - "publishedDate": "2017-03-15T15:59:00+0000", - "lastModifiedDate": "2024-11-21T02:43:00+0000", - "description": "Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image." - }, - "CVE-2017-5340": { - "id": "CVE-2017-5340", - "baseScore": 9.8, - "publishedDate": "2017-01-11T06:59:00+0000", - "lastModifiedDate": "2024-11-21T03:27:00+0000", - "description": "Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data." 
- }, - "CVE-2017-7890": { - "id": "CVE-2017-7890", - "baseScore": 6.5, - "publishedDate": "2017-08-02T19:29:00+0000", - "lastModifiedDate": "2024-11-21T03:32:00+0000", - "description": "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information." - }, - "CVE-2017-9224": { - "id": "CVE-2017-9224", - "baseScore": 9.8, - "publishedDate": "2017-05-24T15:29:00+0000", - "lastModifiedDate": "2024-11-21T03:35:00+0000", - "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer." - }, - "CVE-2017-9226": { - "id": "CVE-2017-9226", - "baseScore": 9.8, - "publishedDate": "2017-05-24T15:29:00+0000", - "lastModifiedDate": "2024-11-21T03:35:00+0000", - "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption." 
- }, - "CVE-2017-9227": { - "id": "CVE-2017-9227", - "baseScore": 9.8, - "publishedDate": "2017-05-24T15:29:00+0000", - "lastModifiedDate": "2024-11-21T03:35:00+0000", - "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer." - }, - "CVE-2017-9228": { - "id": "CVE-2017-9228", - "baseScore": 9.8, - "publishedDate": "2017-05-24T15:29:00+0000", - "lastModifiedDate": "2024-11-21T03:35:00+0000", - "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption." - }, - "CVE-2017-9229": { - "id": "CVE-2017-9229", - "baseScore": 7.5, - "publishedDate": "2017-05-24T15:29:00+0000", - "lastModifiedDate": "2024-11-21T03:35:00+0000", - "description": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition." 
- }, - "CVE-2017-11142": { - "id": "CVE-2017-11142", - "baseScore": 7.5, - "publishedDate": "2017-07-10T14:29:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c." - }, - "CVE-2017-11143": { - "id": "CVE-2017-11143", - "baseScore": 7.5, - "publishedDate": "2017-07-10T14:29:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c." - }, - "CVE-2017-11144": { - "id": "CVE-2017-11144", - "baseScore": 7.5, - "publishedDate": "2017-07-10T14:29:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission." - }, - "CVE-2017-11145": { - "id": "CVE-2017-11145", - "baseScore": 7.5, - "publishedDate": "2017-07-10T14:29:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. 
NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist." - }, - "CVE-2017-11147": { - "id": "CVE-2017-11147", - "baseScore": 9.1, - "publishedDate": "2017-07-10T14:29:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c." - }, - "CVE-2017-11362": { - "id": "CVE-2017-11362", - "baseScore": 9.8, - "publishedDate": "2017-07-17T13:18:00+0000", - "lastModifiedDate": "2024-11-21T03:07:00+0000", - "description": "In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function." - }, - "CVE-2017-11628": { - "id": "CVE-2017-11628", - "baseScore": 7.8, - "publishedDate": "2017-07-25T23:29:00+0000", - "lastModifiedDate": "2024-11-21T03:08:00+0000", - "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives." 
- }, - "CVE-2017-12932": { - "id": "CVE-2017-12932", - "baseScore": 9.8, - "publishedDate": "2017-08-18T03:29:00+0000", - "lastModifiedDate": "2024-11-21T03:10:00+0000", - "description": "ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP." - }, - "CVE-2017-12933": { - "id": "CVE-2017-12933", - "baseScore": 9.8, - "publishedDate": "2017-08-18T03:29:00+0000", - "lastModifiedDate": "2024-11-21T03:10:00+0000", - "description": "The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP." - }, - "CVE-2017-12934": { - "id": "CVE-2017-12934", - "baseScore": 7.5, - "publishedDate": "2017-08-18T03:29:00+0000", - "lastModifiedDate": "2024-11-21T03:10:00+0000", - "description": "ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP." 
- }, - "CVE-2017-16642": { - "id": "CVE-2017-16642", - "baseScore": 7.5, - "publishedDate": "2017-11-07T21:29:00+0000", - "lastModifiedDate": "2024-11-21T03:16:00+0000", - "description": "In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145." - }, "CVE-2018-5711": { "id": "CVE-2018-5711", "baseScore": 5.5, @@ -5959,9 +4147,9 @@ }, "CVE-2025-1219": { "id": "CVE-2025-1219", - "baseScore": null, + "baseScore": 5.3, "publishedDate": "2025-03-30T06:15:00+0000", - "lastModifiedDate": "2025-03-31T13:15:00+0000", + "lastModifiedDate": "2025-04-15T16:54:00+0000", "description": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations." }, "CVE-2025-1734": {