35 matches found
php: global buffer over-read in mb_convert_encoding() with attacker-supplied encoding
A flaw was found in PHP. When an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, an out-of-bounds read of only 1 byte can occur due to the incorrect processing of string lengths. This issue can cause a denial of service or limited...
BIT-LIBPHP-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
UBUNTU-CVE-2026-7259
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...
USN-8174-1 libxml-parser-perl vulnerabilities
It was discovered that XML::Parser incorrectly handled certain multi-byte UTF-8 characters. If a user or automated system were tricked into processing specially crafted XML data, a remote attacker could use this issue to cause XML::Parser to crash, resulting in a denial of service or to possibly...
EUVD-2006-2315
Malware in sbrugna...
EUVD-2020-28194
Malware in sbrugna...
CLSA-2025-1753982448 php: Fix of CVE-2025-1735
CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...
OESA-2025-1568 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
Elastic Defend 8.13.3 Security Update (ESA-2024-24)
Elastic Defend Improper Handling of Alternate Encoding Leads to Crash ESA-2024-24 Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend t...
Elastic Defend security vulnerability
Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A security vulnerability exists in Elastic Defend 8.13.3 and prior versions, which stems from an...
SUSE CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
SUSE CVE-2012-6656
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8...
PT-2022-36746 · Git +1 · Oniguruma
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported, involving functions such as onigenc_mbn_mbc_case_fold, euckr_mbc_case_fold, and match_at...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML...
MGASA-2015-0371 Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Updated php-ZendFramework packages fix CVE-2015-5161
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attacker...
Debian DLA-302-1 : zendframework security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. For Debian 6 'Squeeze...
[SECURITY] [DSA 3340-1] zendframework security update
Debian Security Advisory DSA-3340-1 https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3340-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
GBK character encoding character set defects lead to web security vulnerabilities-vulnerability warning-the black bar safety net
Character encoding is something we often use without paying much attention to it. Chinese websites generally use gb2312, gbk or gb18030, and utf-8 is also an option. What we may not realize, however, is that the choice of encoding can itself introduce design defects into a program. Multibyte...