CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-9118 – php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()
https://notcve.org/view.php?id=CVE-2017-9118
02 Aug 2018 — PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. PHP 7.1.5 tiene un acceso fuera de límites en php_pcre_replace_impl mediante una llamada preg_replace. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities. • https://access.redhat.com/errata/RHSA-2019:2519 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 4CVE-2015-9253 – Ubuntu Security Notice USN-5300-1
https://notcve.org/view.php?id=CVE-2015-9253
19 Feb 2018 — An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. Se ha descubierto un problema en PHP en... • https://bugs.php.net/bug.php?id=70185 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2017-8923 – php: Overflowing the length of string causes crash
https://notcve.org/view.php?id=CVE-2017-8923
12 May 2017 — The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. La función zend_string_extend en el archivo Zend/zend_string.h en PHP hasta de la versión 7.1.5 no impide cambios en los objetos de cadena que resultan en una longitud negativa, lo que... • http://www.securityfocus.com/bid/98518 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •