PT-2026-40303

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

Linux Distros Unpatched Vulnerability : CVE-2016-5768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x...

[SECURITY] [DLA 2431-2] libonig regression update

Debian LTS Advisory DLA-2431-2 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 30, 2021 https://wiki.debian.org/LTS Package : libonig Version : 6.1.3-2+deb9u2 CVE ID : CVE-2020-26159 It was discovered that CVE-2020-26159 in the Oniguruma regular expression...

Debian: Security Advisory (DLA-2431-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-2020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2020-1 : libonig security update

Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange function in regexec.c leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker...

[SECURITY] [DLA 2020-1] libonig security update

Package : libonig Version : 5.9.5-3.2+deb8u4 CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246 Debian Bug : 944959 945313 Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012 An integer overflow in the searchinrange...

php: Heap-based buffer over-read in mbstring regular expression functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

Debian DLA-1918-1 : libonig security update

The Oniguruma regular expressions library, notably used in PHP mbstring, is vulnerable to stack exhaustion. A crafted regular expression can crash the process. For Debian 8 'Jessie', this problem has been fixed in version 5.9.5-3.2+deb8u3. We recommend that you upgrade your libonig packages. NOTE...

UBUNTU-CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

Oniguruma Denial of Service Vulnerability

mbstring Multi-Byte String is a language encoding extension library in PHP PHP: Hypertext Preprocessor; Oniguruma-mod is a regular expression library in Ruby programming language.Oniguruma is one of the a regular expression engine. A security vulnerability exists in Ruby's Oniguruma-mod and PHP's...

Oniguruma 'bitset_set_range()' function heap boundary write vulnerability

mbstring Multi-Byte String is a language encoding extension library in PHP PHP: Hypertext Preprocessor; Oniguruma-mod is a regular expression library in Ruby programming language.Oniguruma is one of the a regular expression engine. A security vulnerability exists in Oniguruma's 'bitsetsetrange'...

CVE-2016-5768

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

CVE-2016-5768

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

Critical: php

Issue Overview: The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...

Oracle Linux 5 : php (ELSA-2009-0338)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0338 advisory. - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658 Tenable has extracted the preceding description block directly from the Oracle Linux...

FreeBSD : php-mbstring -- php mbstring buffer overflow vulnerability (a2074ac6-124c-11de-a964-0030843d3802)

SecurityFocus reports : PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution. An attacker can exploit...

php security update

CentOS Errata and Security Advisory CESA-2007:0076 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

php security update

CentOS Errata and Security Advisory CESA-2006:0669 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...