VuXML ID | Description |
47b4e713-6513-11e3-868f-0025905a4771 | PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports:
The PHP function openssl_x509_parse() uses a helper function
called asn1_time_to_time_t() to convert timestamps from ASN1
string format into integer timestamp values. The parser within
this helper function is not binary safe and can therefore be
tricked to write up to five NUL bytes outside of an allocated
buffer.
This problem can be triggered by x509 certificates that contain
NUL bytes in their notBefore and notAfter timestamp fields and
leads to a memory corruption that might result in arbitrary
code execution.
Depending on how openssl_x509_parse() is used within a PHP
application the attack requires either a malicious cert signed
by a compromised/malicious CA or can be carried out with a
self-signed cert.
Discovery 2013-12-13 Entry 2013-12-14
php5
ge 5.4.0 lt 5.4.23
php53
< 5.3.28
php55
ge 5.5.0 lt 5.5.7
CVE-2013-6420
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
|
7fe7df75-6568-11e6-a590-14dae9d210b8 | End of Life Ports
These packages have reached End of Life status and/or have
been removed from the Ports Tree. They may contain undocumented
security issues. Please take caution and find alternative
software as soon as possible.
Discovery 2016-08-18 Entry 2016-08-18 Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0
php54
php53
php52
php5
php4
ge 0
perl5
< 5.18
perl5.16
perl5.14
perl5.12
perl
ge 0
ruby
ruby_static
< 2.1,1
unifi2
unifi3
ge 0
apache21
apache20
apache13
ge 0
tomcat55
tomcat41
ge 0
mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0
postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0
ports/211975
|
31de2e13-00d2-11e5-a072-d050996490d0 | php -- multiple vulnerabilities
PHP development team reports:
Fixed bug #69364 (PHP Multipart/form-data remote DoS
Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in
5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null
char). (CVE-2015-4026)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile
when entry filename starts with null). (CVE-2015-4021)
Discovery 2015-05-14 Entry 2015-05-22
php5
< 5.4.41
php55
< 5.5.25
php56
< 5.6.9
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
|
3d675519-5654-11e5-9ad8-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
- Fixed bug #70219 (Use after free vulnerability in session deserializer).
- EXIF:
- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
- hash:
- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
- PCRE:
- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- SOAP:
- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- SPL:
- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
- XSLT:
- Fixed bug #69782 (NULL pointer dereference).
- ZIP:
- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08
php5
php5-soap
php5-xsl
< 5.4.45
php55
php55-soap
php55-xsl
< 5.5.29
php56
php56-soap
php56-xsl
< 5.6.13
http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
|
f7a9e415-bdca-11e4-970c-000c292ee6b8 | php5 -- multiple vulnerabilities
The PHP Project reports:
Use after free vulnerability in unserialize() with DateTimeZone.
Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer
overflow.
Discovery 2015-02-18 Entry 2015-02-26
php5
< 5.4.38
php55
< 5.5.22
php56
< 5.6.6
CVE-2015-0235
CVE-2015-0273
http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
|
5def3175-f3f9-4476-ba40-b46627cc638c | PHP5 -- Integer overflow in Calendar module
The PHP development team reports:
Integer overflow in the SdnToJewish function in jewish.c
in the Calendar component in PHP before 5.3.26 and 5.4.x
before 5.4.16 allows context-dependent attackers to cause a
denial of service (application hang) via a large argument to
the jdtojewish function.
Discovery 2013-05-22 Entry 2013-07-16
php5
ge 5.4.0 lt 5.4.16
php53
< 5.3.26
CVE-2013-4635
https://bugs.php.net/bug.php?id=64895
|
787ef75e-44da-11e5-93ad-002590263bf5 | php5 -- multiple vulnerabilities
The PHP project reports:
Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).
OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).
Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).
SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).
SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).
Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap
< 5.4.44
php55
php55-openssl
php55-phar
php55-soap
< 5.5.28
php56
php56-openssl
php56-phar
php56-soap
< 5.6.12
http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
|
5a1d5d74-29a0-11e5-86ff-14dae9d210b8 | php -- arbitrary code execution
cmb reports:
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be substituted.
Discovery 2015-06-07 Entry 2015-07-13
php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69768
|
1d23109a-9005-11e2-9602-d43d7e0c7c02 | php5 -- Multiple vulnerabilities
The PHP development team reports:
PHP does not validate the relationship between the soap.wsdl_cache_dir
directive and the open_basedir directive, which allows remote attackers to
bypass intended access restrictions by triggering the creation of cached
SOAP WSDL files in an arbitrary directory.
The SOAP parser in PHP allows remote attackers to read arbitrary files
via a SOAP WSDL file containing an XML external entity declaration in
conjunction with an entity reference, related to an XML External Entity
(XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
Discovery 2013-03-04 Entry 2013-03-18
php5
< 5.4.13
php53
< 5.3.23
CVE-2013-1643
CVE-2013-1635
|
742563d4-d776-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.6.7. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.6 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.23. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.5 users are encouraged
to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.4.39. Six security-related
bugs were fixed in this release, including
CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
All PHP 5.4 users are encouraged to upgrade to
this version.
Discovery 2015-03-19 Entry 2015-04-01
php53
le 5.3.29_5
php5
< 5.4.39
php55
< 5.5.23
php56
< 5.6.7
http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
|
59e7163c-cf84-11e2-907b-0025905a4770 | php5 -- Heap based buffer overflow in quoted_printable_encode
The PHP development team reports:
A Heap-based buffer overflow flaw was found in the php
quoted_printable_encode() function. A remote attacker could use
this flaw to cause php to crash or execute arbitrary code with the
permission of the user running php.
Discovery 2013-06-06 Entry 2013-06-07
php5
< 5.4.16
php53
< 5.3.26
CVE-2013-2110
https://bugzilla.redhat.com/show_bug.cgi?id=964969
|
af7fbd91-29a1-11e5-86ff-14dae9d210b8 | php -- use-after-free vulnerability
Symeon Paraschoudis reports:
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
Discovery 2015-06-30 Entry 2015-07-13
php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69970
|
1e232a0c-eb57-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.4.40. 14 security-related
bugs were fixed in this release, including
CVE-2014-9709, CVE-2015-2301, CVE-2015-2783,
CVE-2015-1352. All PHP 5.4 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.24. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
are encouraged to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.6.8. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
are encouraged to upgrade to this version.
Discovery 2015-04-16 Entry 2015-04-25 Modified 2015-05-22
php5
< 5.4.40
php55
< 5.5.24
php56
< 5.6.8
http://php.net/archive/2015.php#id2015-04-16-2
CVE-2014-9709
CVE-2015-2301
CVE-2015-2783
CVE-2015-1351
CVE-2015-1352
ports/199585
|