Количество 10
Количество 10
GHSA-q5x2-3h44-rh43
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
BDU:2016-01356
Уязвимость интерпретатора PHP и библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2015:1701-1
Security update for php5
SUSE-SU-2015:1818-1
Security update for php53
SUSE-SU-2015:1633-1
Security update for php5
SUSE-SU-2016:1638-1
Security update for php53
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-q5x2-3h44-rh43 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS3: 7.5 | 4% Низкий | около 3 лет назад |
 | CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS3: 7.5 | 4% Низкий | около 9 лет назад |
 | CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS2: 2.6 | 4% Низкий | около 10 лет назад |
 | CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS3: 7.5 | 4% Низкий | около 9 лет назад |
| CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... | CVSS3: 7.5 | 4% Низкий | около 9 лет назад |
 | BDU:2016-01356 Уязвимость интерпретатора PHP и библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании | CVSS2: 5 | 4% Низкий | около 9 лет назад |
 | SUSE-SU-2015:1701-1 Security update for php5 | почти 10 лет назад | ||
| SUSE-SU-2015:1818-1 Security update for php53 | больше 9 лет назад | ||
| SUSE-SU-2015:1633-1 Security update for php5 | почти 10 лет назад | ||
| SUSE-SU-2016:1638-1 Security update for php53 | почти 9 лет назад |
Уязвимостей на страницу