12 matches found
CentOS 8 : php:7.4 (CESA-2021:4213)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4213 advisory. - php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068) - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV...
RHEL 8 : php:7.4 (RHSA-2021:4213)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4213 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
SUSE: Security Advisory (SUSE-SU-2020:2477-1)
The remote host is missing an update for the...
Security update for php7 (moderate)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1354-1 Rating: moderate References: 1173786 1174010 1175223 Cross-References: CVE-2020-7068 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now available...
SUSE-SU-2020:2405-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223)...
SUSE-SU-2020:2404-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223)...
SUSE-SU-2020:2403-1 Security update for php7
This update for php7 fixes the following issues: - fix CVE-2020-7068 (bsc#1175223): Use of freed hash key in the phar_parse_zipfile function...
PHP < 7.2.33, 7.3 < 7.3.21, 7.4 < 7.4.9 DoS Vulnerability (Aug 2020) - Linux
PHP is prone to a denial of service vulnerability in the phar_parse_zipfile function...
PHP < 7.2.33, 7.3 < 7.3.21, 7.4 < 7.4.9 DoS Vulnerability (Aug 2020) - Windows
PHP is prone to a denial of service (DoS) vulnerability in the phar_parse_zipfile function...
Internet Bug Bounty: Out of bound when verify signature of zip phar in phar_parse_zipfile
https://bugs.php.net/bug.php?id=72928 There was a security code in phar_parse_zipfile sig = (char *) emalloc(entry.uncompressed_filesize); read = php_stream_read(fp, sig, entry.uncompressed_filesize); if (read != entry.uncompressed_filesize) { php_stream_close(sigfile); efree(sig); PHAR_ZIP_FAIL("signature cannot be read");...
CVE-2015-7804
CVE-2015-7804 is an uninitialized pointer/use flaw in PHP’s Phar ZIP handling. The issue exists in the Phar extension’s phar_parse_zipfile function and phar_make_dirstream(), when processing ZIP-format Phar archives that include a directory entry with a name of "/ZIP". This can crash PHP via an u...
CVE-2015-7804
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive...