13 matches found
RHEL 8 : php:7.4 (RHSA-2021:4213)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4213 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
CentOS 8 : php:7.4 (CESA-2021:4213)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4213 advisory. - php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068) - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV...
SUSE: Security Advisory (SUSE-SU-2020:2477-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
The vulnerability of the phar_parse_zipfile function in the PHP programming language allows a perpetrator to access confidential data and also trigger a service failure.
The vulnerability of the phar_parse_zipfile function in the PHP programming language is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service interruptions...
Security update for php7 (moderate)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1354-1 Rating: moderate References: 1173786 1174010 1175223 Cross-References: CVE-2020-7068 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now available...
SUSE-SU-2020:2405-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223)...
SUSE-SU-2020:2404-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223)...
SUSE-SU-2020:2403-1 Security update for php7
This update for php7 fixes the following issues: - fix CVE-2020-7068 (bsc#1175223): Use of freed hash key in the phar_parse_zipfile function...
PHP < 7.2.33, 7.3 < 7.3.21, 7.4 < 7.4.9 DoS Vulnerability (Aug 2020) - Windows
PHP is prone to a denial of service (DoS) vulnerability in the phar_parse_zipfile function. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHP < 7.2.33, 7.3 < 7.3.21, 7.4 < 7.4.9 DoS Vulnerability (Aug 2020) - Linux
PHP is prone to a denial of service vulnerability in the phar_parse_zipfile function. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Internet Bug Bounty: Out of bound when verify signature of zip phar in phar_parse_zipfile
https://bugs.php.net/bug.php?id=72928 There was a security code in phar_parse_zipfile: sig = (char *) emalloc(entry.uncompressed_filesize); read = php_stream_read(fp, sig, entry.uncompressed_filesize); if (read != entry.uncompressed_filesize) { php_stream_close(sigfile); efree(sig); PHAR_ZIP_FAIL("signature cannot be read");...
CVE-2015-7804
CVE-2015-7804 is an uninitialized pointer/use flaw in PHP’s Phar ZIP handling. The issue exists in the Phar extension’s phar_parse_zipfile function and phar_make_dirstream(), when processing ZIP-format Phar archives that include a directory entry with a name of "/ZIP". This can crash PHP via an u...
CVE-2015-7804
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...