Search CVE reports
71 – 72 of 72 results
Some fixes available 4 of 9
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.4 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not in release | Not affected | Not in release | Not in release |
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| php7.4 | Not in release | Not in release | Not in release | Not affected | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not in release | Not affected | Not in release | Not in release |