PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
GHSA-g49p-q335-6257
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
GHSA-v2wg-2jpv-87h6
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
GHSA-mx27-jhrp-2gfm
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
BDU:2022-01596
Уязвимость функции filter_var интерпретатора языка PHP, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2022:0847-1
Security update for php7
openSUSE-SU-2022:0847-1
Security update for php7
openSUSE-SU-2022:0699-1
Security update for php7
SUSE-SU-2022:0699-1
Security update for php7
SUSE-SU-2022:0654-1
Security update for php74
GHSA-g9qg-rg7j-whhx
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-g49p-q335-6257 regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | 25% Средний | почти 4 года назад | |
| GHSA-v2wg-2jpv-87h6 SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | CVSS3: 9.8 | 6% Низкий | почти 4 года назад |
| GHSA-mx27-jhrp-2gfm PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | CVSS3: 7.5 | 2% Низкий | почти 4 года назад |
 | BDU:2022-01596 Уязвимость функции filter_var интерпретатора языка PHP, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.5 | почти 4 года назад | |
 | SUSE-SU-2022:0847-1 Security update for php7 | 0% Низкий | почти 4 года назад | |
| openSUSE-SU-2022:0847-1 Security update for php7 | 0% Низкий | почти 4 года назад | |
| openSUSE-SU-2022:0699-1 Security update for php7 | 5% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0699-1 Security update for php7 | 5% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0654-1 Security update for php74 | 0% Низкий | почти 4 года назад | |
| GHSA-g9qg-rg7j-whhx In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. | CVSS3: 9.8 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу