72 matches found

GithubExploit
added 2026/03/14 2:43 p.m. | 122 views

Exploit for Out-of-bounds Read in Php

CVE-2022-31630 – Proof of Concept Exploit. Warning: This code...

CVSS 7.1 | AI score 7.5 | EPSS 0.00046
Exploits: 3
Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-'...

CVSS 9.8 | AI score 7.9 | EPSS 0.15416
Exploits: 6 | References: 6
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : php:7.4 (AXSA:2023-5958:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5958:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-'...

CVSS 9.8 | AI score 8.5 | EPSS 0.15416
Exploits: 6 | References: 6
Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a __Host- or __Secure- cook...

CVSS 9.8 | AI score 7.8 | EPSS 0.15416
Exploits: 6 | References: 6
Rockylinux
added 2025/12/27 9:4 a.m. | 20 views

php:7.4 security update

An update is available for module.php, module.php-pecl-xdebug, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, php-pear, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug, module.libzip, libzip. This update affects Rocky Linux 8. A Common Vulnerabili...

CVSS 9.8 | AI score 8.3 | EPSS 0.15416
Exploits: 7
OSV
added 2025/12/27 9:4 a.m. | 21 views

RLSA-2023:2903 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

CVSS 8.1 | AI score 9.4 | EPSS 0.15416
Exploits: 7 | References: 7
Tenable Nessus
added 2025/12/27 12:0 a.m. | 2 views

RockyLinux 8 : php:7.4 (RLSA-2023:2903)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cooki...

CVSS 9.8 | AI score 7.4 | EPSS 0.15416
Exploits: 7 | References: 13
Tenable Nessus
added 2025/12/27 12:0 a.m. | 6 views

RockyLinux 9 : php:8.1 (RLSA-2023:2417)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2417 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cooki...

CVSS 9.8 | AI score 7.4 | EPSS 0.15416
Exploits: 6 | References: 11
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-53082

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7.9 | EPSS 0.00046
Exploits: 3 | References: 6
OSV
added 2025/08/11 1:53 p.m. | 5 views

BIT-LIBPHP-2022-31630 OOB read due to insufficient input validation in imageloadfont()

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVSS 7.1 | AI score 7.1 | EPSS 0.00046
Exploits: 3 | References: 2
SUSE CVE
added 2025/02/14 7:42 a.m. | 2 views

SUSE CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVSS 5.3 | AI score 8 | EPSS 0.00046
Exploits: 3 | References: 7
OSV
added 2025/01/14 7:21 p.m. | 9 views

BIT-PHP-MIN-2022-31630 OOB read due to insufficient input validation in imageloadfont()

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVSS 7.1 | AI score 8 | EPSS 0.00046
Exploits: 3 | References: 2
OSV
added 2024/03/06 11:3 a.m. | 34 views

BIT-PHP-2022-31630 OOB read due to insufficient input validation in imageloadfont()

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVSS 7.1 | AI score 8 | EPSS 0.00046
Exploits: 3 | References: 2
Amazon
added 2023/09/13 12:0 a.m. | 3 views

Important: php

Issue Overview: In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead ...

CVSS 9.8 | AI score 8 | EPSS 0.014
Exploits: 4
Tenable Nessus
added 2023/09/13 12:0 a.m. | 52 views

Amazon Linux 2 : php (ALASPHP8.1-2023-001)

The version of php installed on the remote host is prior to 8.1.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-001 advisory. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to...

CVSS 9.8 | AI score 8.2 | EPSS 0.014
Exploits: 4 | References: 6
Tenable Nessus
added 2023/06/13 12:0 a.m. | 49 views

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...

CVSS 9.8 | AI score 8 | EPSS 0.15416
Exploits: 10 | References: 10
Tenable Nessus
added 2023/05/24 12:0 a.m. | 49 views

Oracle Linux 8 : php:7.4 (ELSA-2023-2903)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...

CVSS 9.8 | AI score 8.1 | EPSS 0.94363
Exploits: 128 | References: 6
RedHat Linux
added 2023/05/16 9:8 a.m. | 4 views

php: OOB read due to insufficient input validation in imageloadfont()

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...

CVSS 7.1 | AI score 7.4 | EPSS 0.00046
Exploits: 3 | References: 6
RedHat Linux
added 2023/05/09 10:2 a.m. | 3 views

php: OOB read due to insufficient input validation in imageloadfont()

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...

CVSS 7.1 | AI score 7.4 | EPSS 0.00046
Exploits: 3 | References: 6
Tenable Nessus
added 2023/03/21 12:0 a.m. | 148 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-081)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-081 advisory. A vulnerability was found in php. This issue occurs due to memory corruption in the finfo_buffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor...

CVSS 9.8 | AI score 7.8 | EPSS 0.15416
Exploits: 7 | References: 14