107 matches found
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...
CVE-2026-7258
CVE-2026-7258 describes an out-of-bounds access in PHP’s urldecode() when an unsigned/signed char is passed to ctype checks on systems with certain default signed char configurations (e.g., NetBSD), potentially triggering a denial of service. Affected PHP releases: 8.2.x before 8.2.31, 8.3.x befo...
PT-2026-39446
Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Certain functions, including urldecode, pass signed characters to ctype functions such as...
TOTOLINK A7000R Stack Buffer Overflow Vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability that originates from the urldecode function's addEffect parameter...
TOTOLINK A7000R urldecode function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid parameter of the urldecode function failing...
CVE-2025-63153
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63154
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
EUVD-2025-48950
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2025-48951
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2025-63153
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63153
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63154
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2025-63154
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2025-63153
The CVE-2025-63153 entry applies to TOTOLink A7000R firmware v9.1.0u.6115_B20201022, which contains a stack overflow in the ssid parameter processed by the urldecode function. This flaw can be triggered by a crafted request sent over the network, enabling a Denial of Service (DoS). The cited metr...
TOTOLINK A7000R 安全漏洞
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability that originates from the urldecode function's addEffect parameter...
TOTOLink A7000R 安全漏洞
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid parameter of the urldecode function failing...
CVE-2025-63154
CVE-2025-63154 affects TOTOLink A7000R (V9.1.0u.6115_B20201022). Multiple connected sources describe a stack overflow in the addEffect parameter of the urldecode function, enabling denial-of-service via a crafted POST request. Details consistently identify the router family as vulnerable and poin...
PT-2025-46171
Name of the Vulnerable Software and Affected Versions TOTOLink A7000R version 9.1.0u.6115 B20201022 Description The TOTOLink A7000R router firmware contains a stack overflow in the ssid parameter of the urldecode function. This issue allows attackers to cause a Denial of Service DoS through a...