PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
BDU:2017-01813
Уязвимость функции i_zval_ptr_dtor интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
BDU:2017-01841
Уязвимость библиотеки Oniguruma, связанная с некорректной обработкой чисел и позволяющая нарушителю вызвать повреждение памяти
CVE-2017-9118
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-9119
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2017-01813 Уязвимость функции i_zval_ptr_dtor интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие | CVSS2: 7.5 | 1% Низкий | больше 8 лет назад |
 | CVE-2017-9067 In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | CVSS3: 7 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-9226 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | CVSS3: 4.8 | 3% Низкий | больше 8 лет назад |
| BDU:2017-01841 Уязвимость библиотеки Oniguruma, связанная с некорректной обработкой чисел и позволяющая нарушителю вызвать повреждение памяти | CVSS2: 7.5 | 3% Низкий | больше 8 лет назад |
| CVE-2017-9118 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | CVSS3: 5.3 | 1% Низкий | больше 8 лет назад |
| CVE-2017-9119 The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | CVSS3: 5.9 | 1% Низкий | больше 8 лет назад |
| CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7 ... | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
 | CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
Уязвимостей на страницу