233 matches found
F5 Networks BIG-IP : PHP vulnerability (K95432245)
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
Fedora 23 : php-php-gettext (2016-a571b97ebb)
php-gettext 1.0.12 ================== - Security fix for potential code injection bug LP1515334 - Do not assume mbstring functions are always there, pass text through if they aren't LP734494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Oracle Linux 7 : php (ELSA-2016-2598)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2598 advisory. - bz2: fix improper error handling in bzread CVE-2016-5399 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fi...
Fedora 23 : php (2016-0729e59542)
13 Oct 2016 - PHP version 5.6.27 Core: - Fixed bug php73025 Heap Buffer Overflow in virtualpopen of zendvirtualcwd.c. cmb - Fixed bug php73058 crypt broken when salt is 'too' long. Anatol - Fixed bug php72703 Out of bounds global memory read in BFcrypt triggered by passwordverify. Anatol - Fixed...
Fedora 23 : php (2016-db71b72137)
15 Sep 2016 PHP version 5.6.26 Core: - Fixed bug php72907 NULL pointer deref, segfault in gcremovezvalfrombuffer zendgc.c:260. Laruence Dba: - Fixed bug php71514 Bad dbareplace condition because of wrong API usage. cmb - Fixed bug php70825 Cannot fetch multiple values with group in ini file. cmb...
Fedora 24 : php (2016-62fc05fd68)
15 Sep 2016 PHP version 5.6.26 Core: - Fixed bug php72907 NULL pointer deref, segfault in gcremovezvalfrombuffer zendgc.c:260. Laruence Dba: - Fixed bug php71514 Bad dbareplace condition because of wrong API usage. cmb - Fixed bug php70825 Cannot fetch multiple values with group in ini file. cmb...
PHP 'mbstring/php_mbregex.c' Remote Command Execution Vulnerability
PHP is an open source general-purpose computer scripting language. A remote command execution vulnerability exists in PHP 'mbstring/phpmbregex.c', which allows an attacker to exploit the vulnerability to execute arbitrary code in the context of an affected application, or a failed attack resultin...
PHP 'ext/mbstring/php_mbregex.c' Buffer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. PHP 'ext/mbstring/phpmbregex.c' suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of an affected application, which may also result in a denial of service...
CVE-2016-5768
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
CVE-2016-5768
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
Double free
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
CVE-2016-5768
CVE-2016-5768 is a double‑free vulnerability in mbstring's _php_mb_regex_ereg_replace_exec (php_mbregex.c) that affects PHP prior to 5.5.37, 5.6.x prior to 5.6.23, and 7.x prior to 7.0.8. Exploitation could allow remote code execution or a denial of service (application crash) via a callback exce...
CVE-2016-5768
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
CVE-2016-5768
Removed by vendor...
Fedora 23 : php (2016-34a6b65583)
23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...
Fedora 22 : php (2016-99fbdc5c34)
23 Jun 2016, PHP 5.6.23 Core: - Fixed bug php72275 Integer Overflow in jsonencode/jsondecode/jsonutf8toutf16. Stas - Fixed bug php72400 Integer Overflow in addcslashes/addslashes. Stas - Fixed bug php72403 Integer Overflow in Length of String-typed ZVAL. Stas GD: - Fixed bug php72298 pass2nodithe...
CVE-2016-5768
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
UBUNTU-CVE-2016-5768
Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...
UBUNTU-CVE-2016-4073
Multiple integer overflows in the mbflstrcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted mbstrcut call...
Fedora 22 : php-5.6.20-1.fc22 (2016-9282d83bee)
31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...