Описание
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| hhvm | fixed | 3.12.1+dfsg-1 | package | |
| php5 | fixed | 5.6.15+dfsg-1 | package |
Примечания
https://bugs.php.net/bug.php?id=70480
https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
EPSS
Связанные уязвимости
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
EPSS