PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
BDU:2015-09882
Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику получить доступ к области памяти за пределами границ приложения или вызвать аварийное завершение приложения
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
BDU:2022-02631
Уязвимость функции asn1_time_to_time_t (ext/openssl/openssl.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...
CVE-2013-6712
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2015-09882 Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику получить доступ к области памяти за пределами границ приложения или вызвать аварийное завершение приложения | CVSS2: 5 | 6% Низкий | около 12 лет назад |
 | CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | CVSS2: 4.3 | 33% Средний | около 12 лет назад |
 | CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | CVSS2: 7.5 | 47% Средний | около 12 лет назад |
| CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ... | CVSS2: 7.5 | 47% Средний | около 12 лет назад |
 | CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | CVSS2: 7.5 | 47% Средний | около 12 лет назад |
| BDU:2022-02631 Уязвимость функции asn1_time_to_time_t (ext/openssl/openssl.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код | CVSS3: 5.6 | 47% Средний | около 12 лет назад |
| CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | CVSS2: 7.5 | 47% Средний | около 12 лет назад |
| CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. | CVSS2: 5 | 17% Средний | около 12 лет назад |
| CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ... | CVSS2: 5 | 17% Средний | около 12 лет назад |
| CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. | CVSS2: 5 | 17% Средний | около 12 лет назад |
Уязвимостей на страницу