Search CVE reports
1 – 10 of 27 results
[NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix]
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Needs evaluation | — | — |
| php8.3 | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | — | — |
[pgsql extension does not check for errors during escaping]
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Needs evaluation | — | — |
| php8.3 | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | — | — |
[Null byte termination in hostnames]
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Needs evaluation | — | — |
| php8.3 | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | — | — |
Some fixes available 5 of 8
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 8
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 8
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 8
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 8
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |
| php8.4 | Not in release | Not in release | Not in release | — |
Some fixes available 5 of 7
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Needs evaluation |
| php7.4 | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Fixed | Not in release | — |
| php8.3 | Fixed | Not in release | Not in release | — |