CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2023-0567 – password_verify() always returns true for some invalid hashes
https://notcve.org/view.php?id=CVE-2023-0567
16 Feb 2023 — In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid. It was discovere... • https://bugs.php.net/bug.php?id=81744 • CWE-328: Use of Weak Hash CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
11 Jan 2023 — In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force th... • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-31630 – OOB read due to insufficient input validation in imageloadfont()
https://notcve.org/view.php?id=CVE-2022-31630
09 Nov 2022 — In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la función imageloadfont() en la extensión gd, es posible proporcionar un archivo de fuente especialm... • https://bugs.php.net/bug.php?id=81739 • CWE-125: Out-of-bounds Read CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 1CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation
https://notcve.org/view.php?id=CVE-2022-37454
21 Oct 2022 — The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográfica... • https://csrc.nist.gov/projects/hash-functions/sha-3-project • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 32%CPEs: 8EXPL: 2CVE-2022-31629 – $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31629
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP... • https://github.com/silnex/CVE-2022-31629-poc • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-31628 – phar wrapper can occur dos when using quine gzip file
https://notcve.org/view.php?id=CVE-2022-31628
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a s... • https://bugs.php.net/bug.php?id=81726 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31627 – Heap buffer overflow in finfo_buffer
https://notcve.org/view.php?id=CVE-2022-31627
25 Jul 2022 — In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. En PHP versiones 8.1.x anteriores a 8.1.8, cuando las funciones fileinfo, como finfo_buffer, debido a un parche incorrecto aplicado al código de terceros de libmagic, puede usarse una función incorrecta para liberar la memoria asignada, lo que puede conllevar a una co... • https://bugs.php.net/bug.php?id=81723 • CWE-590: Free of Memory not on the Heap CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 6%CPEs: 5EXPL: 2CVE-2022-31626 – mysqlnd/pdo password buffer overflow
https://notcve.org/view.php?id=CVE-2022-31626
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando la extensión pdo_mysql con el controlador mysqlnd, si es permi... • https://github.com/amitlttwo/CVE-2022-31626 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2022-31625 – Freeing unallocated memory in php_pgsql_free_params()
https://notcve.org/view.php?id=CVE-2022-31625
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensión de la base de datos Postgres, el suministro de parámetros no válidos a l... • https://bugs.php.net/bug.php?id=81720 • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference CWE-824: Access of Uninitialized Pointer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21708 – UAF due to php_filter_float() failing
https://notcve.org/view.php?id=CVE-2021-21708
27 Feb 2022 — In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. En PHP versiones 7.4.x anteriores a 7.4.28, versiones 8.0.x anteriores a 8.0.16 y versiones ... • https://bugs.php.net/bug.php?id=81708 • CWE-416: Use After Free •