PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 843
CVE-2023-0662
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
CVE-2023-0568
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
BDU:2023-00530
Уязвимость PHP-библиотеки генерации PDF-документов из HTML-разметки и CSS-стилей Dompdf, связанная с неверным порядком проверки авторизация перед синтаксическим анализом и канонизацией, позволяющая нарушителю удалить произвольные файлы или выполнить произвольный код
SUSE-SU-2023:0084-1
Security update for php7
SUSE-SU-2023:0074-1
Security update for php8
SUSE-SU-2023:0073-1
Security update for php7
CVE-2022-31631
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
BDU:2024-07326
Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных
GHSA-jw98-jrc9-mrx5
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-0662 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-0568 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | BDU:2023-00530 Уязвимость PHP-библиотеки генерации PDF-документов из HTML-разметки и CSS-стилей Dompdf, связанная с неверным порядком проверки авторизация перед синтаксическим анализом и канонизацией, позволяющая нарушителю удалить произвольные файлы или выполнить произвольный код | CVSS3: 10 | 57% Средний | больше 2 лет назад |
 | SUSE-SU-2023:0084-1 Security update for php7 | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:0074-1 Security update for php8 | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:0073-1 Security update for php7 | 0% Низкий | больше 2 лет назад | |
| CVE-2022-31631 In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. | CVSS3: 5.9 | 0% Низкий | больше 2 лет назад |
| BDU:2024-07326 Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 6.2 | 0% Низкий | больше 2 лет назад |
| GHSA-jw98-jrc9-mrx5 In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | CVSS3: 7.1 | 0% Низкий | почти 3 года назад |
 | CVE-2022-31630 In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу