PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2017-9118
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-9119
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
BDU:2017-01814
Уязвимость функции zend_string_extend интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVE-2017-9120
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-9118 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | CVSS3: 5.3 | 0% Низкий | больше 8 лет назад |
| CVE-2017-9119 The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | CVSS3: 5.9 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 9.8 | 5% Низкий | больше 8 лет назад |
| CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7 ... | CVSS3: 9.8 | 5% Низкий | больше 8 лет назад |
 | CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 9.8 | 5% Низкий | больше 8 лет назад |
| CVE-2017-8923 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | CVSS3: 7.5 | 5% Низкий | больше 8 лет назад |
 | BDU:2017-01814 Уязвимость функции zend_string_extend интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие | CVSS2: 7.5 | 5% Низкий | больше 8 лет назад |
| CVE-2017-9120 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. | CVSS3: 5.3 | 4% Низкий | больше 8 лет назад |
| CVE-2016-5399 The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. | CVSS3: 7.8 | 17% Средний | почти 9 лет назад |
| CVE-2016-5399 The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ... | CVSS3: 7.8 | 17% Средний | почти 9 лет назад |
Уязвимостей на страницу