PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ...
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
BDU:2017-01772
Уязвимость компонента /ext/phar/phar_object.c интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
CVE-2017-11144
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-4473 /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | CVSS3: 9.8 | 21% Средний | больше 8 лет назад |
| CVE-2016-4473 /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ... | CVSS3: 9.8 | 21% Средний | больше 8 лет назад |
 | CVE-2016-4473 /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | CVSS3: 9.8 | 21% Средний | больше 8 лет назад |
 | BDU:2017-01772 Уязвимость компонента /ext/phar/phar_object.c интерпретатора PHP, позволяющая нарушителю выполнить произвольный код | CVSS2: 7.5 | 21% Средний | больше 8 лет назад |
 | CVE-2017-11144 In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. | CVSS3: 5.9 | 31% Средний | больше 8 лет назад |
| CVE-2017-9229 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-9229 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ... | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-9228 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| CVE-2017-9228 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ... | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| CVE-2017-9227 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. | CVSS3: 9.8 | 0% Низкий | больше 8 лет назад |
Уязвимостей на страницу