Internet Bug Bounty: Heap overflow due to integer overflow in pg_escape_string() function

The fix for this bug has been committed: https://bugs.php.net/bug.php?id=73399 Description: ------------ I have found some vulnerable code at pgescapestring function in module PostgreSQL. pgescapestring function creates a new zendstring object to store escaped string. The size of destination stri...

CVE-2015-4644

CVE-2015-4644 affects the PHP pgsql extension: the php_pgsql_meta_data function in pgsql.c does not validate token extraction for table names. This can allow remote attackers to trigger a denial of service (NULL pointer dereference and application crash). Affected PHP versions are the PostgreSQL ...