Product:

Php

(Php)
Repositories https://github.com/php/php-src
https://github.com/file/file
https://github.com/kkos/oniguruma
https://github.com/libgd/libgd
https://github.com/mysql/mysql-server
#Vulnerabilities 683
Date Id Summary Products Score Patch Annotated
2015-12-02 CVE-2015-8383 PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Perl_compatible_regular_expression_library, Php 9.8
2015-12-02 CVE-2015-8386 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Linux, Perl_compatible_regular_expression_library, Php 9.8
2015-12-02 CVE-2015-8387 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Perl_compatible_regular_expression_library, Php 7.3
2015-12-02 CVE-2015-8389 PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Perl_compatible_regular_expression_library, Php 9.8
2015-12-02 CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Perl_compatible_regular_expression_library, Php 9.8
2015-12-02 CVE-2015-8391 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Fedora, Linux, Pcre, Php, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2015-12-02 CVE-2015-8393 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. Fedora, Perl_compatible_regular_expression_library, Php 7.5
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. Debian_linux, Clustered_data_ontap, Php, Tenable\.sc 5.3
2007-06-04 CVE-2007-2872 Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. Php N/A
2008-05-05 CVE-2008-2050 Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. Php N/A