Lucene search
K

11 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in PHP 8.1

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving the set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout, for example by providing specially crafted inputs to the script, it could...

9.2CVSS7.5AI score0.01357EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.9 views

php: Reference counting in php_request_shutdown causes Use-After-Free

A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...

9.2CVSS6.4AI score0.01357EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 1:59 p.m.9 views

php: Reference counting in php_request_shutdown causes Use-After-Free

A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...

9.2CVSS6.4AI score0.01357EPSS
Exploits1References5
OSV
OSV
added 2025/04/29 8:1 p.m.7 views

CLSA-2025-1745956866 php: Fix of CVE-2024-11235

CVE-2024-11235: Fix use-after-free vulnerability related to set handler and ??= operator to prevent potential remote code execution...

9.2CVSS6.4AI score0.01357EPSS
Exploits1References1
OSV
OSV
added 2025/04/14 11:50 a.m.10 views

CLSA-2025-1744631408 php: Fix of CVE-2024-11235

CVE-2024-11235: fix Use-after-free for ??= due to incorrect live-range calculation...

9.2CVSS7.2AI score0.01357EPSS
Exploits1References1
OSV
OSV
added 2025/04/04 6:15 p.m.2 views

DEBIAN-CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

8.1CVSS8.3AI score0.01357EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/04/04 6:15 p.m.8 views

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

9.2CVSS7.5AI score0.01357EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/01/29 4:15 p.m.4 views

DEBIAN-CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

4.3CVSS5.3AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 4:15 p.m.4 views

UBUNTU-CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...

4.3CVSS5.8AI score0.00282EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.9 views

PT-2025-5352 · Twig +1 · Twig +1

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.19.0 Description: The issue concerns the Twig template language for PHP, where output escaping was missing when using the ?? operator, specifically for the expression on the left side of the operator. Recommendations:...

4.3CVSS6.9AI score0.00282EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2020/04/27 12:0 a.m.17 views

Fedora 30 : php (2020-96cb012029)

PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

5.5AI score
Exploits0References1
Rows per page
Query Builder