2 matches found
CVE-2026-6104
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
PT-2019-12566 · Facebook · Hhvm
Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 3.30.12 HHVM versions 4.0.0 through 4.8.5 HHVM versions 4.9.0 through 4.23.1 HHVM versions 4.24.0 through 4.28.1 Description: The issue is caused by an invalid free in mb detect order, which can lead to application...