11 matches found
Astra Linux – Vulnerability in PHP 8.1
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving the set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout, for example by providing specially crafted inputs to the script, it could...
php: Reference counting in php_request_shutdown causes Use-After-Free
A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...
php: Reference counting in php_request_shutdown causes Use-After-Free
A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...
CLSA-2025-1745956866 php: Fix of CVE-2024-11235
CVE-2024-11235: Fix use-after-free vulnerability related to set handler and ??= operator to prevent potential remote code execution...
CLSA-2025-1744631408 php: Fix of CVE-2024-11235
CVE-2024-11235: fix Use-after-free for ??= due to incorrect live-range calculation...
DEBIAN-CVE-2024-11235
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...
CVE-2024-11235
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...
DEBIAN-CVE-2025-24374
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...
UBUNTU-CVE-2025-24374
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...
PT-2025-5352 · Twig +1 · Twig +1
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.19.0 Description: The issue concerns the Twig template language for PHP, where output escaping was missing when using the ?? operator, specifically for the expression on the left side of the operator. Recommendations:...
Fedora 30 : php (2020-96cb012029)
PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...