14 matches found
Important: php8.4
Issue Overview: Global buffer over-read in mbconvertencoding with attacker-supplied encoding CVE-2026-6104 In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a...
BIT-PHP-MIN-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
BIT-PHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
BIT-LIBPHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
EUVD-2026-28979
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Design/Logic Flaw
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service CPU consumption and server hang via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service CPU consumption and server hang via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service CPU consumption and server hang via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
DEBIAN-CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service CPU consumption and server hang via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
CVE-2009-3622
CVE-2009-3622 affects WordPress wp-trackback.php. The vulnerability allows remote attackers to cause a denial of service (CPU consumption and server hang) by sending a long title together with a charset parameter consisting of many comma-separated "UTF-8" substrings, exploiting mb_convert_encodin...
CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service CPU consumption and server hang via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
Heap overflow
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...